Windows
Analysis Report
#U00d6DEME FORMU.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- #U00d6DEME FORMU.exe (PID: 6304 cmdline:
"C:\Users\ user\Deskt op\#U00d6D EME FORMU. exe" MD5: 0204546CC8568A60D97947C5FD6CCD49) - erltu.exe (PID: 6336 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\erltu.e xe C:\User s\user\App Data\Local \Temp\fvcs hciph MD5: 2603B527A791BAA25AC589C33B254470) - erltu.exe (PID: 6356 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\erltu.e xe C:\User s\user\App Data\Local \Temp\fvcs hciph MD5: 2603B527A791BAA25AC589C33B254470)
- cleanup
{"C2 list": ["www.liuchenggang.com/b0y1/"], "decoy": ["newindexpress.com", "tg5szfdz.xyz", "aims1881.com", "bonaegroup.com", "be99caboi8.xyz", "weddingcentrepieces.com", "acigdmodel.com", "ketotax.info", "learnedware.com", "learning-rich-work.store", "multipreset.store", "flyttfirmaorebro.com", "58bilisim.xyz", "joseketofitdiet.site", "duomeishop.com", "programacaozerobarriga.site", "gygezau517.xyz", "awesometutorials.xyz", "hwvzfn3t.xyz", "nycexoticbullies.com", "smallbizmaker.com", "isarfeuer.com", "wacker-silicones.com", "tongtoto.com", "xofitessentials.com", "begep.space", "paperbackbookbox.com", "ihhsiljc.beauty", "jankarbaniye.com", "boli-12.xyz", "gridwriter.com", "377manhua.com", "willywaw98cop.com", "acumelet.com", "theupgradeexperiencemedia.com", "pimientamultimedia.com", "phoenixgold.xyz", "plunderdseign.com", "erdberrehausgsd.net", "aboutsprouts.com", "castle-clash.com", "nwcabin.com", "kurtizanki-spb.com", "yqphx.xyz", "casinowithout.com", "jctcopera.com", "antalyaluxuryvilla.xyz", "sagedidthis.com", "144z.xyz", "iska4peps.life", "rightthewrong.biz", "zib0bsivacf8.xyz", "beijingzhongruanchuangheng.site", "jylfxx.net", "newsletterexperience.com", "rnrprowash.com", "bylunakdy.com", "upasev.online", "businessreputationmanager.com", "kidsacooking.com", "brangusprimebeef.com", "nickhaven.com", "o1apopdpzhah.xyz", "negociodigital.store"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
| |
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Click to see the 1 entries |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00405426 | |
Source: | Code function: | 0_2_00405D9C | |
Source: | Code function: | 0_2_004026A1 |
Networking |
---|
Source: | URLs: |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00404FDD |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_004032FA |
Source: | Code function: | 0_2_004047EE | |
Source: | Code function: | 0_2_00406083 | |
Source: | Code function: | 1_2_0102496E | |
Source: | Code function: | 1_2_0102959D | |
Source: | Code function: | 1_2_01026880 | |
Source: | Code function: | 1_2_010285D1 | |
Source: | Code function: | 1_2_010138EE | |
Source: | Code function: | 1_2_01026DF2 | |
Source: | Code function: | 1_2_01026880 | |
Source: | Code function: | 1_2_01026880 | |
Source: | Code function: | 1_2_01027364 | |
Source: | Code function: | 1_2_0102496E | |
Source: | Code function: | 1_2_010167AE | |
Source: | Code function: | 1_2_007F0A2C |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00402078 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404333 |
Source: | Binary string: |
Source: | Code function: | 1_2_0101F048 |
Source: | Code function: | 0_2_00405DDA |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: |
Source: | Evasive API call chain: |
Source: | Code function: | 0_2_00405426 | |
Source: | Code function: | 0_2_00405D9C | |
Source: | Code function: | 0_2_004026A1 |
Source: | API call chain: | graph_0-3361 | ||
Source: | API call chain: |
Source: | Code function: | 1_2_0102457B |
Source: | Code function: | 1_2_007F061D | |
Source: | Code function: | 1_2_007F06F7 | |
Source: | Code function: | 1_2_007F0772 | |
Source: | Code function: | 1_2_007F0736 | |
Source: | Code function: | 1_2_007F03F8 |
Source: | Code function: | 1_2_01024395 |
Source: | Code function: | 0_2_00405DDA |
Source: | Code function: | 1_2_0102538A |
Source: | Code function: | 1_2_010214BB | |
Source: | Code function: | 1_2_010214EC |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 1_2_0101FE73 |
Source: | Code function: | 1_2_01020FE8 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 12 Native API | Path Interception | 11 Process Injection | 11 Process Injection | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 13 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
52% | Virustotal | Browse | ||
37% | ReversingLabs | Win32.Trojan.FormBook |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
48% | Virustotal | Browse | ||
44% | ReversingLabs | Win32.Trojan.FormBook |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 635282 |
Start date and time: 27/05/202218:22:58 | 2022-05-27 18:22:58 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | #U00d6DEME FORMU.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@5/4@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes where analyzed, report is missing behavior information
Process: | C:\Users\user\Desktop\#U00d6DEME FORMU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 134144 |
Entropy (8bit): | 6.41218091663839 |
Encrypted: | false |
SSDEEP: | 1536:dYTOG+x8+YaGDARvmJVBqNvnlajcCOO0LdXU8JiA1Oyrx9WTqIDEJ+ksaSIJnXSU:JfbnR6BqNvncvhw9WTfEcLa4iG5skW |
MD5: | 2603B527A791BAA25AC589C33B254470 |
SHA1: | 65EBDA93314517E098138BD9670ECCB345C7F662 |
SHA-256: | 1AD07E46E78EB5A2AFC723FC2A8DF86D7B731A3CA853E4225622226EFC786F8F |
SHA-512: | E5B3A208581A1B46382CC9D91D5C4FD3EE36DE741E57A1DB407F3A0B0602CC6678C7DBDCEB8DEE02614E1340FC7876DCD5088AB65DC74910A429CF21DAC6B579 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\#U00d6DEME FORMU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5310 |
Entropy (8bit): | 6.093682530663886 |
Encrypted: | false |
SSDEEP: | 96:Wr9SaelkbOMBZUKzrCJEjZUFdPTzZoXeIPyHbODrnV/G8XhiOOAT/jOsu1p4w/k/:K9Sa3OEsoUXTzqbPRJSB1BRV0BDnR |
MD5: | 4E6A59FE3DCD5B83B64609193D85528E |
SHA1: | 1E0F857CD72F2984A09E821DCEA318CD2863B217 |
SHA-256: | 7C5E9EC5245DE0AF358577C4E78B2F24B3810E626E2F29B178B638B04FB86860 |
SHA-512: | DFDE155F973F2B13174B6FB9A2238677D79F49BBE9BACFF6A0046BA79B8BE23A861E56C8F14F4587FA52DCC81CA38FAC142C287D19E3AB4B4FD46155D14C3AB2 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\#U00d6DEME FORMU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 189951 |
Entropy (8bit): | 7.990465363694904 |
Encrypted: | true |
SSDEEP: | 3072:idfJQ4gfu2P+FGvM99Z1MG/ZtaEwV74jIFaRVIm53ZvUs1tFbdKKabXj2:idRku2SG4vlZtaqI8RWm53RUivBYXK |
MD5: | D922F036AA538A949728682FE98BF835 |
SHA1: | A850EDF8BFA9EC5694F512062DAFB58929215DEE |
SHA-256: | 5B6B55B1FA6DEC84C11C4127725ED66FB32394D8C09BE7C3771B43E12C6BFBC3 |
SHA-512: | 14C2188E46699A4268A157E2B8D1C40EFFC8B915916E479CE5C04900A1DBBB8E995561E63A5AEF162F986165EBD1CA7CF5A975488046A524C2498282DECB0A6B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\#U00d6DEME FORMU.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 335245 |
Entropy (8bit): | 7.531798748691562 |
Encrypted: | false |
SSDEEP: | 6144:HJPdRku2SG4vlZtaqI8RWm53RUivBYXpZpvncWMElGC:8WNSqHRWm53RdZYXp/cWMEl |
MD5: | 9D1B5193868454C6C8B9F0FEA6AA7C8E |
SHA1: | 02818918499AF004548E0C1F641AE9965F27AD13 |
SHA-256: | BFFEBF62D8473D23F0BA2001738071F94D53532D97D8D3A9B35CA272A8FBDFA5 |
SHA-512: | 562776614426BC11294FC7DD8599AEE68FE14ACCA1F8DE671F3A33299A2225EE2735AA2BE3C569BC3EAB3733F4C34FB80187FCD4361DE844E41FABED250A58B5 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.940379937299889 |
TrID: |
|
File name: | #U00d6DEME FORMU.exe |
File size: | 278482 |
MD5: | 0204546cc8568a60d97947c5fd6ccd49 |
SHA1: | ff7c492dd728279cd763af6fa525606431fc8db0 |
SHA256: | eddc1ee1fafda4fe7cf6d114276c992806f33d7527d346464bad7033875fbd66 |
SHA512: | 24fb62695c5455d362fbc157446a2cb2a7ae248268c0786cbd91a79a40fa32baa4f984cbbb45a6dd9f678f26cde7b6a7eb31cf1146f0fbaf17f060b58fa5d077 |
SSDEEP: | 6144:B0YuB3ZgxdaCVG/RF5JUVu0dXet0ojX1nQcznQ:eB3AdaC8/RFYTQ0QDQ |
TLSH: | FB441247B7F054F7D1729E3215A3E699F232A34619A191C71FB0AEB9B03E9C1048B74B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........qJ...$...$...$./.{...$...%.;.$.".y...$..3....$.f."...$.Rich..$.........................PE..L.....iF.................Z......... |
Icon Hash: | b2a88c96b2ca6a72 |
Entrypoint: | 0x4032fa |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4669CEB6 [Fri Jun 8 21:48:38 2007 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 55f3dfd13c0557d3e32bcbc604441dd3 |
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409170h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push ebx |
call dword ptr [00407278h] |
mov dword ptr [00423FD4h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 0041F4E8h |
call dword ptr [00407154h] |
push 0040922Ch |
push 00423720h |
call 00007F2BD1003B38h |
call dword ptr [004070B4h] |
mov edi, 00429000h |
push eax |
push edi |
call 00007F2BD1003B26h |
push ebx |
call dword ptr [00407108h] |
cmp byte ptr [00429000h], 00000022h |
mov dword ptr [00423F20h], eax |
mov eax, edi |
jne 00007F2BD100139Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00429001h |
push dword ptr [esp+14h] |
push eax |
call 00007F2BD1003619h |
push eax |
call dword ptr [00407218h] |
mov dword ptr [esp+1Ch], eax |
jmp 00007F2BD10013F5h |
cmp cl, 00000020h |
jne 00007F2BD1001398h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007F2BD100138Ch |
cmp byte ptr [eax], 00000022h |
mov byte ptr [esp+14h], 00000020h |
jne 00007F2BD1001398h |
inc eax |
mov byte ptr [esp+14h], 00000022h |
cmp byte ptr [eax], 0000002Fh |
jne 00007F2BD10013C5h |
inc eax |
cmp byte ptr [eax], 00000053h |
jne 00007F2BD10013A0h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73a0 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x900 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x288 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x59ac | 0x5a00 | False | 0.668142361111 | data | 6.45807821776 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x117a | 0x1200 | False | 0.4453125 | data | 5.17513527374 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1afd8 | 0x400 | False | 0.6015625 | data | 4.98110806401 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x24000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x900 | 0xa00 | False | 0.409375 | data | 3.94448786242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x2c190 | 0x2e8 | data | English | United States |
RT_DIALOG | 0x2c478 | 0x100 | data | English | United States |
RT_DIALOG | 0x2c578 | 0x11c | data | English | United States |
RT_DIALOG | 0x2c698 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x2c6f8 | 0x14 | data | English | United States |
RT_MANIFEST | 0x2c710 | 0x1eb | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, CreateFileA, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, CloseHandle, ExitProcess, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, CopyFileA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 18:24:13 |
Start date: | 27/05/2022 |
Path: | C:\Users\user\Desktop\#U00d6DEME FORMU.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 278482 bytes |
MD5 hash: | 0204546CC8568A60D97947C5FD6CCD49 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 18:24:15 |
Start date: | 27/05/2022 |
Path: | C:\Users\user\AppData\Local\Temp\erltu.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1010000 |
File size: | 134144 bytes |
MD5 hash: | 2603B527A791BAA25AC589C33B254470 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 2 |
Start time: | 18:24:16 |
Start date: | 27/05/2022 |
Path: | C:\Users\user\AppData\Local\Temp\erltu.exe |
Wow64 process (32bit): | |
Commandline: | |
Imagebase: | |
File size: | 134144 bytes |
MD5 hash: | 2603B527A791BAA25AC589C33B254470 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Execution Graph
Execution Coverage: | 15.7% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 21.1% |
Total number of Nodes: | 1254 |
Total number of Limit Nodes: | 27 |
Graph
Function 004032FA Relevance: 72.0, APIs: 23, Strings: 18, Instructions: 265filestringcomCOMMON
Control-flow Graph
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405426 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 152filestringCOMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406083 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
Control-flow Graph
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403A22 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004036A1 Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 213stringregistrylibraryCOMMON
Control-flow Graph
C-Code - Quality: 89% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C7D Relevance: 35.2, APIs: 9, Strings: 11, Instructions: 218memoryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040177F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
Control-flow Graph
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F71 Relevance: 7.6, APIs: 5, Instructions: 109fileCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056C8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
Control-flow Graph
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405361 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004064B8 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004066B9 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004063CF Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405ED4 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406322 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406440 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040638C Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057CB Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057AC Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040327D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004032AF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404FDD Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004047EE Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404333 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 242stringCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004026A1 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040403D Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 204windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405842 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405B16 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 170stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004026DF Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 102memoryfilestringCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BCA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65timeCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F5C Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040164D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54stringfileCOMMON
C-Code - Quality: 66% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040476E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D0E Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040468C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 35% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BF8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 54% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004059DB Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004055E7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004021C8 Relevance: 6.1, APIs: 4, Instructions: 56stringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F20 Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D68 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 61% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404DEF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402521 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040562E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405740 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F11F5 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 236processthreadCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F0809 Relevance: 7.7, APIs: 5, Instructions: 182fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01011000 Relevance: 7.6, APIs: 5, Instructions: 93memoryCOMMON
Control-flow Graph
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 97% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0101E331 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Control-flow Graph
C-Code - Quality: 25% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010214BB Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F03F8 Relevance: .2, Instructions: 201COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F061D Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F0736 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F0772 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007F06F7 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01012D75 Relevance: 9.1, APIs: 6, Instructions: 64COMMON
C-Code - Quality: 43% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010165DA Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 68windowCOMMON
C-Code - Quality: 64% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 010142C4 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |