Windows
Analysis Report
empudh9lY5
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- empudh9lY5.exe (PID: 2560 cmdline: C:\Users\user\Desktop\empudh9lY5.exe MD5: 8F43B86F351DB105A727E67E39459D78)
- cleanup
Rule | Description | Author |
---|---|---|
CoreImpact_sysdll_exe | Detects a malware sysdll.exe from the Rocket Kitten APT | Florian Roth |
WoolenGoldfish_Generic_3 | Detects a operation Woolen-Goldfish sample - http://goo.gl/NpJpVZ | Florian Roth |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Code function: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Static file information: |
Source: | Code function: | 0_2_005719B6 | |
Source: | Code function: | 0_2_0057121E |
Source: | Static PE information: |
Source: | API coverage: |
Source: | Code function: | 0_2_0057492D |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Software Packing | OS Credential Dumping | 1 System Information Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Remote System Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
22% | ReversingLabs | Win32.Trojan.Gholee |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
sherlock.servegame.com | 189.30.155.39 | true | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
189.30.155.39 | sherlock.servegame.com | Brazil | 8167 | BrasilTelecomSA-FilialDistritoFederalBR | false |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 715067 |
Start date and time: | 2022-10-03 15:49:52 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | empudh9lY5 (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.winEXE@1/0@3/1 |
EGA Information: | |
HDC Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, ctldl.windowsupdate.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: empudh9lY5.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
BrasilTelecomSA-FilialDistritoFederalBR | | | malicious | | |
File type: | |
Entropy (8bit): | 6.2099397885668255 |
TrID: | |
File name: | empudh9lY5.exe |
File size: | 1283072 |
MD5: | 8f43b86f351db105a727e67e39459d78 |
SHA1: | ad9b43ecbae064ddca1908c40999974bc28466ba |
SHA256: | 9830e0d007c07364bf97b2a3e0496b7a7f5811e7e71fcdd9dada104d29d1982c |
SHA512: | e8d59fceaa01d7ef3b5ced15f15d75a0bdd0bd3cc828a741798798e4527f4d58051a2b3c5a028f347c42a49f760d918bd9f1d46f7ab8adccf5837db024982011 |
SSDEEP: | 24576:pmUgVoR4T0gR1U2vfVD8sA15qkJ1K3mbDQca9L32GY:pGoqT0ujvTO6L3 |
TLSH: | 27555AA27694C132C0620674DD6BCAF964357E24DF30A5877BE03F4F3EB5B807926296 |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 6117164569166de9 |
Entrypoint: | 0x40138c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4B3D3B00 [Fri Jan 1 00:00:00 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | cafc89e1b0a9b2c5b10389d6d19936ce |
Entrypoint instructions:

```asm
jmp 00007F2114C4EAC2h
bound di, dword ptr [edx]
inc ebx
sub ebp, dword ptr [ebx]
dec eax
dec edi
dec edi
dec ebx
nop
jmp 00007F2115114B4Dh
mov eax, dword ptr [004C608Bh]
shl eax, 02h
mov dword ptr [004C608Fh], eax
push edx
push 00000000h
call 00007F2114D12010h
mov edx, eax
call 00007F2114D0326Fh
pop edx
call 00007F2114D03191h
call 00007F2114D032A4h
push 00000000h
call 00007F2114D044D9h
pop ecx
push 004C6034h
push 00000000h
call 00007F2114D11FEAh
mov dword ptr [004C6093h], eax
push 00000000h
jmp 00007F2114D0D99Ch
jmp 00007F2114D0450Bh
xor eax, eax
mov al, byte ptr [004C607Dh]
ret
mov eax, dword ptr [004C6093h]
ret
pushad
mov ebx, BCB05000h
push ebx
push 00000BADh
ret
mov ecx, 000000E4h
or ecx, ecx
je 00007F2114C4EAFFh
cmp dword ptr [004C608Bh], 00000000h
jnc 00007F2114C4EABCh
mov eax, 000000FEh
call 00007F2114C4EA8Ch
mov ecx, 000000E4h
push ecx
push 00000008h
call 00007F2114D11FA7h
push eax
call 00007F2114D11FF5h
or eax, eax
jne 00007F2114C4EABCh
mov eax, 000000FDh
call 00007F2114C4EA6Bh
push eax
push eax
push dword ptr [004C608Bh]
call 00007F2114D0DB66h
push dword ptr [004C608Bh]
```
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xfc000 | 0x482 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf9000 | 0x24e5 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfd000 | 0x489e3 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xf8000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xc5000 | 0xc4200 | False | 0.5265893881453155 | data | 6.9280540298858515 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0xc6000 | 0x31000 | 0x29200 | False | 0.3381637063069909 | data | 5.3675051401997385 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xf7000 | 0x1000 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0xf8000 | 0x1000 | 0x200 | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.idata | 0xf9000 | 0x3000 | 0x2600 | False | 0.3246299342105263 | data | 5.165811799711141 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.edata | 0xfc000 | 0x1000 | 0x600 | False | 0.3919270833333333 | data | 4.649758707069864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xfd000 | 0x489e3 | 0x48a00 | False | 0.07789304539586919 | data | 3.41590450767586 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x146000 | 0xc000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0xfe558 | 0x5c | Device independent bitmap graphic, 9 x 11 x 1, image size 44 | ||
RT_BITMAP | 0xfe5b4 | 0x64 | Device independent bitmap graphic, 11 x 13 x 1, image size 52 | ||
RT_BITMAP | 0xfe618 | 0x6c | Device independent bitmap graphic, 13 x 15 x 1, image size 60 | ||
RT_BITMAP | 0xfe684 | 0x74 | Device independent bitmap graphic, 15 x 17 x 1, image size 68 | ||
RT_BITMAP | 0xfe6f8 | 0x7c | Device independent bitmap graphic, 15 x 19 x 1, image size 76 | ||
RT_BITMAP | 0xfe774 | 0x84 | Device independent bitmap graphic, 17 x 21 x 1, image size 84 | ||
RT_BITMAP | 0xfe7f8 | 0x8c | Device independent bitmap graphic, 19 x 23 x 1, image size 92 | ||
RT_BITMAP | 0xfe884 | 0x94 | Device independent bitmap graphic, 21 x 25 x 1, image size 100 | ||
RT_BITMAP | 0xfe918 | 0x9c | Device independent bitmap graphic, 21 x 27 x 1, image size 108 | ||
RT_BITMAP | 0xfe9b4 | 0xb0 | Device independent bitmap graphic, 14 x 9 x 4, image size 72 | ||
RT_BITMAP | 0xfea64 | 0xec | Device independent bitmap graphic, 18 x 11 x 4, image size 132 | ||
RT_BITMAP | 0xfeb50 | 0x104 | Device independent bitmap graphic, 22 x 13 x 4, image size 156 | ||
RT_BITMAP | 0xfec54 | 0x158 | Device independent bitmap graphic, 26 x 15 x 4, image size 240 | ||
RT_BITMAP | 0xfedac | 0x178 | Device independent bitmap graphic, 26 x 17 x 4, image size 272 | ||
RT_BITMAP | 0xfef24 | 0x198 | Device independent bitmap graphic, 30 x 19 x 4, image size 304 | ||
RT_BITMAP | 0xff0bc | 0x20c | Device independent bitmap graphic, 34 x 21 x 4, image size 420 | ||
RT_BITMAP | 0xff2c8 | 0x234 | Device independent bitmap graphic, 38 x 23 x 4, image size 460 | ||
RT_BITMAP | 0xff4fc | 0x25c | Device independent bitmap graphic, 38 x 25 x 4, image size 500 | ||
RT_BITMAP | 0xff758 | 0x5c | Device independent bitmap graphic, 9 x 11 x 1, image size 44 | ||
RT_BITMAP | 0xff7b4 | 0x64 | Device independent bitmap graphic, 11 x 13 x 1, image size 52 | ||
RT_BITMAP | 0xff818 | 0x6c | Device independent bitmap graphic, 13 x 15 x 1, image size 60 | ||
RT_BITMAP | 0xff884 | 0x74 | Device independent bitmap graphic, 15 x 17 x 1, image size 68 | ||
RT_BITMAP | 0xff8f8 | 0x7c | Device independent bitmap graphic, 15 x 19 x 1, image size 76 | ||
RT_BITMAP | 0xff974 | 0x84 | Device independent bitmap graphic, 17 x 21 x 1, image size 84 | ||
RT_BITMAP | 0xff9f8 | 0x8c | Device independent bitmap graphic, 19 x 23 x 1, image size 92 | ||
RT_BITMAP | 0xffa84 | 0x94 | Device independent bitmap graphic, 21 x 25 x 1, image size 100 | ||
RT_BITMAP | 0xffb18 | 0x9c | Device independent bitmap graphic, 21 x 27 x 1, image size 108 | ||
RT_BITMAP | 0xffbb4 | 0xb0 | Device independent bitmap graphic, 14 x 9 x 4, image size 72 | ||
RT_BITMAP | 0xffc64 | 0xec | Device independent bitmap graphic, 18 x 11 x 4, image size 132 | ||
RT_BITMAP | 0xffd50 | 0x104 | Device independent bitmap graphic, 22 x 13 x 4, image size 156 | ||
RT_BITMAP | 0xffe54 | 0x158 | Device independent bitmap graphic, 26 x 15 x 4, image size 240 | ||
RT_BITMAP | 0xfffac | 0x178 | Device independent bitmap graphic, 26 x 17 x 4, image size 272 | ||
RT_BITMAP | 0x100124 | 0x198 | Device independent bitmap graphic, 30 x 19 x 4, image size 304 | ||
RT_BITMAP | 0x1002bc | 0x20c | Device independent bitmap graphic, 34 x 21 x 4, image size 420 | ||
RT_BITMAP | 0x1004c8 | 0x234 | Device independent bitmap graphic, 38 x 23 x 4, image size 460 | ||
RT_BITMAP | 0x1006fc | 0x25c | Device independent bitmap graphic, 38 x 25 x 4, image size 500 | ||
RT_ICON | 0x100958 | 0x882 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x1011dc | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 0 | English | United States |
RT_ICON | 0x10a684 | 0x7258 | Device independent bitmap graphic, 84 x 168 x 32, image size 0 | English | United States |
RT_ICON | 0x1118dc | 0x67e8 | Device independent bitmap graphic, 80 x 160 x 32, image size 0 | English | United States |
RT_ICON | 0x1180c4 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 0 | English | United States |
RT_ICON | 0x11d54c | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States |
RT_ICON | 0x121774 | 0x3a48 | Device independent bitmap graphic, 60 x 120 x 32, image size 0 | English | United States |
RT_ICON | 0x1251bc | 0x32e8 | Device independent bitmap graphic, 56 x 112 x 32, image size 0 | English | United States |
RT_ICON | 0x1284a4 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States |
RT_ICON | 0x12aa4c | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | English | United States |
RT_ICON | 0x12c4b4 | 0x1588 | Device independent bitmap graphic, 36 x 72 x 32, image size 0 | English | United States |
RT_ICON | 0x12da3c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States |
RT_ICON | 0x12eae4 | 0xcd8 | Device independent bitmap graphic, 28 x 56 x 32, image size 0 | English | United States |
RT_ICON | 0x12f7bc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States |
RT_ICON | 0x130144 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | English | United States |
RT_ICON | 0x1307fc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States |
RT_DIALOG | 0x130c64 | 0x76 | data | ||
RT_STRING | 0x130cdc | 0x35c | data | ||
RT_STRING | 0x131038 | 0xdc | data | ||
RT_STRING | 0x131114 | 0x10c | data | ||
RT_STRING | 0x131220 | 0x33c | data | ||
RT_STRING | 0x13155c | 0x3dc | data | ||
RT_STRING | 0x131938 | 0xf0 | data | ||
RT_STRING | 0x131a28 | 0xd8 | data | ||
RT_STRING | 0x131b00 | 0x274 | data | ||
RT_STRING | 0x131d74 | 0x3d8 | data | ||
RT_STRING | 0x13214c | 0x374 | data | ||
RT_STRING | 0x1324c0 | 0x2dc | data | ||
RT_STRING | 0x13279c | 0x390 | data | ||
RT_STRING | 0x132b2c | 0x454 | data | ||
RT_RCDATA | 0x132f80 | 0x10 | data | ||
RT_RCDATA | 0x132f90 | 0x734 | Delphi compiled form 'TAddCEADataForm' | ||
RT_RCDATA | 0x1336c4 | 0x3ca | Delphi compiled form 'TAddDIDDataForm' | ||
RT_RCDATA | 0x133a90 | 0x15c7 | Delphi compiled form 'TAudioFormatForm' | ||
RT_RCDATA | 0x135058 | 0x78f | Delphi compiled form 'TAudioFormatListForm' | ||
RT_RCDATA | 0x1357e8 | 0xb12 | Delphi compiled form 'TColorimetryForm' | ||
RT_RCDATA | 0x1362fc | 0xff | Delphi compiled form 'TCommonForm' | ||
RT_RCDATA | 0x1363fc | 0x1aa2 | Delphi compiled form 'TDetailedResolutionForm' | ||
RT_RCDATA | 0x137ea0 | 0x7e4 | Delphi compiled form 'TDIDDetailedResolutionListForm' | ||
RT_RCDATA | 0x138684 | 0x2216 | Delphi compiled form 'TDisplayForm' | ||
RT_RCDATA | 0x13a89c | 0x1c20 | Delphi compiled form 'TExtensionBlockForm' | ||
RT_RCDATA | 0x13c4bc | 0x45f | Delphi compiled form 'TFreeSyncRangeForm' | ||
RT_RCDATA | 0x13c91c | 0x16d1 | Delphi compiled form 'THDMI2SupportForm' | ||
RT_RCDATA | 0x13dff0 | 0x4f3 | Delphi compiled form 'THDMIResolutionForm' | ||
RT_RCDATA | 0x13e4e4 | 0x18dd | Delphi compiled form 'THDMISupportForm' | ||
RT_RCDATA | 0x13fdc4 | 0x830 | Delphi compiled form 'THDRStaticMetadataForm' | ||
RT_RCDATA | 0x1405f4 | 0xf41 | Delphi compiled form 'TPropertiesForm' | ||
RT_RCDATA | 0x141538 | 0xee8 | Delphi compiled form 'TSpeakerSetupForm' | ||
RT_RCDATA | 0x142420 | 0x581 | Delphi compiled form 'TStandardResolutionForm' | ||
RT_RCDATA | 0x1429a4 | 0x13af | Delphi compiled form 'TTiledDisplayTopologyForm' | ||
RT_RCDATA | 0x143d54 | 0x556 | Delphi compiled form 'TTVResolutionForm' | ||
RT_RCDATA | 0x1442ac | 0x7d2 | Delphi compiled form 'TTVResolutionListForm' | ||
RT_RCDATA | 0x144a80 | 0xaba | Delphi compiled form 'TVideoCapabilityForm' | ||
RT_GROUP_ICON | 0x14553c | 0xe6 | GLS_BINARY_LSB_FIRST | English | United States |
RT_MANIFEST | 0x145624 | 0x3bf | ASCII text, with CRLF line terminators |
DLL | Import |
---|---|
SETUPAPI.DLL | SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsA |
ADVAPI32.DLL | RegCloseKey, RegCreateKeyExA, RegDeleteKeyA, RegDeleteValueA, RegEnumKeyExA, RegFlushKey, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA |
KERNEL32.DLL | CloseHandle, CompareStringA, CreateEventA, CreateFileA, CreateThread, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, EnumCalendarInfoA, ExitProcess, FindClose, FindFirstFileA, FindResourceA, FormatMessageA, FreeLibrary, FreeResource, GetACP, GetCPInfo, GetCommandLineA, GetCurrentProcessId, GetCurrentThreadId, GetDateFormatA, GetDiskFreeSpaceA, GetEnvironmentStrings, GetFileAttributesA, GetFileType, GetFullPathNameA, GetLastError, GetLocalTime, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetStringTypeW, GetSystemDefaultLangID, GetThreadLocale, GetTickCount, GetUserDefaultLCID, GetVersion, GetVersionExA, GlobalAddAtomA, GlobalDeleteAtom, GlobalFindAtomA, HeapAlloc, HeapFree, InitializeCriticalSection, InterlockedDecrement, InterlockedExchange, InterlockedIncrement, IsValidLocale, LCMapStringA, LeaveCriticalSection, LoadLibraryA, LoadLibraryExA, LoadResource, LockResource, MulDiv, MultiByteToWideChar, RaiseException, ReadFile, ResetEvent, RtlUnwind, SetConsoleCtrlHandler, SetEndOfFile, SetErrorMode, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetThreadLocale, SizeofResource, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualQuery, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcpyA, lstrcpynA, lstrlenA |
VERSION.DLL | GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA |
COMCTL32.DLL | ImageList_Add, ImageList_BeginDrag, ImageList_Destroy, ImageList_DragEnter, ImageList_DragLeave, ImageList_DragMove, ImageList_DragShowNolock, ImageList_Draw, ImageList_DrawEx, ImageList_EndDrag, ImageList_GetBkColor, ImageList_GetDragImage, ImageList_GetIconSize, ImageList_GetImageCount, ImageList_Read, ImageList_Remove, ImageList_Replace, ImageList_SetBkColor, ImageList_SetIconSize, ImageList_Write, _TrackMouseEvent, ImageList_Create |
COMDLG32.DLL | GetOpenFileNameA, GetSaveFileNameA |
GDI32.DLL | BitBlt, CreateBitmap, CreateBrushIndirect, CreateCompatibleBitmap, CreateCompatibleDC, CreateDIBSection, CreateDIBitmap, CreateFontIndirectA, CreateHalftonePalette, CreatePalette, CreatePenIndirect, CreateSolidBrush, DeleteDC, DeleteObject, Ellipse, ExcludeClipRect, ExtTextOutA, GetBitmapBits, GetBrushOrgEx, GetClipBox, GetCurrentPositionEx, GetDCOrgEx, GetDIBColorTable, GetDIBits, GetDeviceCaps, GetObjectA, GetPaletteEntries, GetPixel, GetRgnBox, GetStockObject, GetSystemPaletteEntries, GetTextExtentPoint32A, GetTextMetricsA, GetWindowOrgEx, IntersectClipRect, LineTo, MaskBlt, MoveToEx, PatBlt, RealizePalette, RectVisible, Rectangle, RestoreDC, RoundRect, SaveDC, SelectClipRgn, SelectObject, SelectPalette, SetBkColor, SetBkMode, SetBrushOrgEx, SetDIBColorTable, SetPixel, SetROP2, SetStretchBltMode, SetTextColor, SetViewportOrgEx, SetWindowOrgEx, StretchBlt, UnrealizeObject |
USER32.DLL | ActivateKeyboardLayout, AdjustWindowRectEx, BeginPaint, CallNextHookEx, CallWindowProcA, CharLowerA, CharNextA, CharToOemA, CheckDlgButton, CheckMenuItem, ClientToScreen, CreateIcon, CreateMenu, CreatePopupMenu, CreateWindowExA, DefFrameProcA, DefMDIChildProcA, DefWindowProcA, DeleteMenu, DestroyCursor, DestroyIcon, DestroyMenu, DestroyWindow, DispatchMessageA, DispatchMessageW, DrawEdge, DrawFocusRect, DrawFrameControl, DrawIcon, DrawIconEx, DrawMenuBar, DrawTextA, EnableMenuItem, EnableScrollBar, EnableWindow, EndPaint, EnumChildWindows, EnumThreadWindows, EnumWindows, EqualRect, FillRect, FindWindowA, FrameRect, GetActiveWindow, GetCapture, GetClassInfoA, GetClassLongA, GetClientRect, GetCursor, GetCursorPos, GetDC, GetDCEx, GetDesktopWindow, GetFocus, GetForegroundWindow, GetIconInfo, GetKeyNameTextA, GetKeyState, GetKeyboardLayout, GetKeyboardLayoutList, GetKeyboardLayoutNameA, GetKeyboardState, GetKeyboardType, GetLastActivePopup, GetMenu, GetMenuItemCount, GetMenuItemID, GetMenuItemInfoA, GetMenuState, GetMenuStringA, GetMessagePos, GetParent, GetPropA, GetScrollInfo, GetScrollPos, GetScrollRange, GetSubMenu, GetSysColor, GetSysColorBrush, GetSystemMenu, GetTopWindow, GetWindow, GetWindowDC, GetWindowLongA, GetWindowLongW, GetWindowPlacement, GetWindowRect, GetWindowTextA, GetWindowThreadProcessId, InflateRect, InsertMenuA, InsertMenuItemA, IntersectRect, InvalidateRect, IsChild, IsDialogMessageA, IsDialogMessageW, IsDlgButtonChecked, IsIconic, IsRectEmpty, IsWindow, IsWindowEnabled, IsWindowUnicode, IsWindowVisible, IsZoomed, KillTimer, LoadBitmapA, LoadCursorA, LoadIconA, LoadKeyboardLayoutA, LoadStringA, MapVirtualKeyA, MapWindowPoints, MessageBoxA, OemToCharA, OffsetRect, PeekMessageA, PeekMessageW, PostMessageA, PostQuitMessage, PtInRect, RedrawWindow, RegisterClassA, RegisterClipboardFormatA, RegisterWindowMessageA, ReleaseCapture, ReleaseDC, RemoveMenu, RemovePropA, ScreenToClient, ScrollWindow, SendMessageA, SendMessageW, SetActiveWindow, SetCapture, SetClassLongA, SetCursor, SetFocus, SetForegroundWindow, SetMenu, SetMenuItemInfoA, SetParent, SetPropA, SetRect, SetScrollInfo, SetScrollPos, SetScrollRange, SetTimer, SetWindowLongA, SetWindowLongW, SetWindowPlacement, SetWindowPos, SetWindowTextA, SetWindowsHookExA, ShowOwnedPopups, ShowScrollBar, ShowWindow, SystemParametersInfoA, TrackPopupMenu, TranslateMDISysAccel, TranslateMessage, UnhookWindowsHookEx, UnregisterClassA, UpdateWindow, WaitMessage, WindowFromPoint, wsprintfA, GetSystemMetrics |
OLEAUT32.DLL | SafeArrayCreate, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayPtrOfIndex, SysAllocStringLen, SysFreeString, SysReAllocStringLen, VariantChangeType, VariantClear, VariantCopy, VariantInit |
Name | Ordinal | Address |
---|---|---|
@$xp$28Vistaaltfixunit@TVistaAltFix | 3 | 0x466b0c |
@Vistaaltfixunit@Finalization$qqrv | 8 | 0x466cb0 |
@Vistaaltfixunit@Register$qqrv | 4 | 0x466b38 |
@Vistaaltfixunit@TVistaAltFix@ | 2 | 0x466ac8 |
@Vistaaltfixunit@TVistaAltFix@$bctr$qqrp18Classes@TComponent | 5 | 0x466ba4 |
@Vistaaltfixunit@TVistaAltFix@$bdtr$qqrv | 6 | 0x466c1c |
@Vistaaltfixunit@TVistaAltFix@VistaWithTheme$qqrv | 7 | 0x466c6c |
@Vistaaltfixunit@initialization$qqrv | 9 | 0x466ce0 |
_AddCEADataForm | 11 | 0x4ef1a0 |
_AddDIDDataForm | 12 | 0x4ef1a4 |
_AudioFormatForm | 13 | 0x4ef1a8 |
_AudioFormatListForm | 14 | 0x4ef1ac |
_ColorimetryForm | 15 | 0x4ef1b0 |
_CommonForm | 16 | 0x4ef1b4 |
_DIDDetailedResolutionListForm | 18 | 0x4ef20c |
_DetailedResolutionForm | 17 | 0x4ef208 |
_DisplayForm | 19 | 0x4ef214 |
_ExtensionBlockForm | 20 | 0x4ef254 |
_FreeSyncRangeForm | 21 | 0x4f2714 |
_HDMI2SupportForm | 24 | 0x4f2720 |
_HDMIResolutionForm | 22 | 0x4f2718 |
_HDMISupportForm | 23 | 0x4f271c |
_HDRStaticMetadataForm | 25 | 0x4f2724 |
_PropertiesForm | 26 | 0x4f2728 |
_SpeakerSetupForm | 27 | 0x4f272c |
_StandardResolutionForm | 28 | 0x4f2730 |
_TVResolutionForm | 30 | 0x4f2738 |
_TVResolutionListForm | 31 | 0x4f273c |
_TiledDisplayTopologyForm | 29 | 0x4f2734 |
_VideoCapabilityForm | 32 | 0x4f2740 |
__GetExceptDLLinfo | 1 | 0x4013e5 |
___CPPdebugHook | 10 | 0x4c6098 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 3, 2022 15:51:33.522084951 CEST | 49702 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:51:33.783726931 CEST | 8080 | 49702 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:51:34.319655895 CEST | 49702 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:51:34.578561068 CEST | 8080 | 49702 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:51:35.210315943 CEST | 49702 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:51:35.469022989 CEST | 8080 | 49702 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:52:05.559123993 CEST | 49703 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:52:05.794964075 CEST | 8080 | 49703 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:52:06.306580067 CEST | 49703 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:52:06.542495012 CEST | 8080 | 49703 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:52:07.056663990 CEST | 49703 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:52:07.292512894 CEST | 8080 | 49703 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:52:37.412137985 CEST | 49704 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:52:37.656075001 CEST | 8080 | 49704 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:52:38.168632984 CEST | 49704 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:52:38.412554026 CEST | 8080 | 49704 | 189.30.155.39 | 192.168.2.3 |
Oct 3, 2022 15:52:38.918927908 CEST | 49704 | 8080 | 192.168.2.3 | 189.30.155.39 |
Oct 3, 2022 15:52:39.163156033 CEST | 8080 | 49704 | 189.30.155.39 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 3, 2022 15:51:33.484947920 CEST | 57840 | 53 | 192.168.2.3 | 8.8.8.8 |
Oct 3, 2022 15:51:33.507029057 CEST | 53 | 57840 | 8.8.8.8 | 192.168.2.3 |
Oct 3, 2022 15:52:05.536159992 CEST | 57990 | 53 | 192.168.2.3 | 8.8.8.8 |
Oct 3, 2022 15:52:05.556083918 CEST | 53 | 57990 | 8.8.8.8 | 192.168.2.3 |
Oct 3, 2022 15:52:37.390862942 CEST | 52387 | 53 | 192.168.2.3 | 8.8.8.8 |
Oct 3, 2022 15:52:37.410737038 CEST | 53 | 52387 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 3, 2022 15:51:33.484947920 CEST | 192.168.2.3 | 8.8.8.8 | 0x7839 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 15:52:05.536159992 CEST | 192.168.2.3 | 8.8.8.8 | 0x74c3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 15:52:37.390862942 CEST | 192.168.2.3 | 8.8.8.8 | 0x5f5e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 3, 2022 15:51:33.507029057 CEST | 8.8.8.8 | 192.168.2.3 | 0x7839 | No error (0) | | | 189.30.155.39 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 15:52:05.556083918 CEST | 8.8.8.8 | 192.168.2.3 | 0x74c3 | No error (0) | | | 189.30.155.39 | A (IP address) | IN (0x0001) | false |
Oct 3, 2022 15:52:37.410737038 CEST | 8.8.8.8 | 192.168.2.3 | 0x5f5e | No error (0) | | | 189.30.155.39 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 15:50:47 |
Start date: | 03/10/2022 |
Path: | C:\Users\user\Desktop\empudh9lY5.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1283072 bytes |
MD5 hash: | 8F43B86F351DB105A727E67E39459D78 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Execution Graph
Execution Coverage: | 2.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 4.9% |
Total number of Nodes: | 163 |
Total number of Limit Nodes: | 11 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0057488B | 3.8 | 1 | 1 | 290 | library, COMMON |
0057476B | 3.8 | 1 | 1 | 251 | library, COMMON |
00574847 | 3.7 | 1 | 1 | 226 | library, COMMON |
0057492D | 3.7 | 1 | 1 | 165 | library, COMMON |
0058B39F | 3.0 | 1 | 1 | 30 | memory, COMMON |
0058D5BC | 1.6 | 1 | | 95 | COMMON |
0058A905 | 1.6 | 1 | | 53 | network, COMMON |
0058AA5D | 1.5 | 1 | | 44 | network, COMMON |
005888EF | 1.3 | 1 | | 99 | sleep, COMMON |
00586E3F | 1.8 | | 1 | 547 | COMMON |
00587F6A | 1.8 | | 1 | 502 | COMMON |
005878ED | 1.7 | | 1 | 486 | COMMON |
00587511 | 0.3 | | | 267 | COMMON |
00574A0D | 0.1 | | | 113 | COMMON |
00574A36 | 0.1 | | | 94 | COMMON |