Windows
Analysis Report
5iiXyNVCQ3
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll32.exe (PID: 3144, cmdline: loaddll32.exe "C:\Users\user\Desktop\5iiXyNVCQ3.dll", MD5: 1F562FBF37040EC6C43C8D5EF619EA39)
- conhost.exe (PID: 676, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 400, cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\5iiXyNVCQ3.dll",#1, MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 5996, cmdline: rundll32.exe "C:\Users\user\Desktop\5iiXyNVCQ3.dll",#1, MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- svchost.exe (PID: 5972, cmdline: C:\WINDOWS\system32\svchost.exe -K NetworkService, MD5: FA6C268A5B5BDA067A901764D203D433)
- rundll32.exe (PID: 964, cmdline: rundll32.exe C:\Users\user\Desktop\5iiXyNVCQ3.dll,unll, MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- svchost.exe (PID: 5020, cmdline: C:\WINDOWS\system32\svchost.exe -K NetworkService, MD5: FA6C268A5B5BDA067A901764D203D433)
- WerFault.exe (PID: 1372, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 844, MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- svchost.exe (PID: 3832, cmdline: C:\WINDOWS\system32\svchost.exe -K NetworkService, MD5: FA6C268A5B5BDA067A901764D203D433)
- WerFault.exe (PID: 5288, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 616, MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | MALWARE_Win_BlackMoon | Detects executables using BlackMoon RunTime | ditekSHen | |
(12 matching entries in the full report.)
Timestamp: | 11/03/22-12:35:13.698250 |
Source IP: | 192.168.2.4 |
Destination IP: | 8.8.8.8 |
SID: | 2023883 |
Source Port: | 56572 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | Potentially Bad Traffic |
AV Detection |
---|
Networking |
---|
System Summary |
---|
HIPS / PFW / Operating System Protection Evasion |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | Path Interception | 511 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 4 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 3 Software Packing | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Masquerading | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Virtualization/Sandbox Evasion | LSA Secrets | 111 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | 1 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 511 Process Injection | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Detection | Scanner | Label |
---|---|---|
93% | Virustotal | |
95% | ReversingLabs | Win32.Trojan.Qqblack |
80% | Metadefender | |
100% | Avira | HEUR/AGEN.1238485 |
100% | Joe Sandbox ML | |
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1238485 |
100% | Joe Sandbox ML | |
95% | ReversingLabs | Win32.Trojan.Qqblack |
93% | Virustotal | |
80% | Metadefender | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Patched.Ren.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Patched.Ren.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | HEUR/AGEN.1225179 |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
| 100% | Avira | TR/Patched.Ren.Gen |
| 100% | Avira | TR/Crypt.NSPM.Gen |
Source | Detection | Scanner | Label |
---|---|---|---|
| 7% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
52eva.top | 208.100.26.242 | true | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
208.100.26.242 | 52eva.top | United States | 32748 | STEADFASTUS | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 736960 |
Start date and time: | 2022-11-03 12:34:10 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 13s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 5iiXyNVCQ3 (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.evad.winDLL@16/9@1/2 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WerFault.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.20, 20.42.73.29
- Excluded domains from analysis (whitelisted): login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus15.westus.cloudapp.azure.com, watson.telemetry.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
12:35:13 | API Interceptor | |
12:35:19 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
208.100.26.242 | | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
STEADFASTUS | | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
| | | malicious | | |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 346783 |
Entropy (8bit): | 7.996288147606643 |
Encrypted: | true |
SSDEEP: | 6144:nuPt5aWk+Y/3hINHl9bVKRI0cZ+rmSM2DTlMVfPshRkj7ITKWVE3Rr1BdFnIi3Dq:nq5ayQRIBPQpx4MKVfPcEMeW4r1r1q2Q |
MD5: | 73C06C75BD9AA0A194B0DC73AB38CAC5 |
SHA1: | 7604D4BE31E6C017E3BD9A1E5590A81A7AAFB40F |
SHA-256: | FDE687287EF8CD7E6A6CE655355EACA2FBA25FD6C22CC1E4040281F73205BA90 |
SHA-512: | C8ABAEA48ABC45FDB8C20EE1945494C42E0E3CD487723F48BD34F31FD31833A94DEB38796397C8359FB3123E028A99AB5E8E05438399DCC34AE65D522F78487A |
Malicious: | true |
Antivirus: | |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_9cdbf19a94ecdea39c14ee8fd4f9ea7f9e7533d_fe4ae974_14fd8b6a\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8400335209117962 |
Encrypted: | false |
SSDEEP: | 96:89rfFEagpyMy9hy1Dg/jSupXIQcQ8c6+RccEmcw3G+a+z+HbHg/cBRTf3ocFa9ic:8hD7HSq6MYjAD/u7sfS274Itb |
MD5: | 029B56FA46932336D4C61BCBFC7C378F |
SHA1: | C669704DC882324B11DB6C3522B1E55A873DC56C |
SHA-256: | 5E4A1C71BAE91320F892346A7B9FC2414CB7F3B027845718669602496755182B |
SHA-512: | 496C8F34DDAECE907A9880EB3ECF94582261112687BFEE45C4880FE41D5B76F7982D703F07C4BEC5EC839FFC09BDD1561EAD706117AE7326FA922CD1FB685735 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_69aa54bf4562ff7e548e4d05abc368941456d4_82810a17_050990c9\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9541844269298931 |
Encrypted: | false |
SSDEEP: | 192:5OoziG0oXQHrCiljed+v/u7sfS274It7c:AozigX4rCiljei/u7sfX4It7c |
MD5: | D4871BD5F09D001ED088F83000470E6C |
SHA1: | FFCAB51A20C499035AE146931589B1FD9E9FD4E1 |
SHA-256: | 31F9341886D4BC84A223453E44A5EA72581C1FE8553125FC413B9BB4918DEDD4 |
SHA-512: | DBBA522DEE9296ADB9E1A475903AB3738D538D26A66E688AE006F8426F19987CFE39CA59278591DF1B9DD88B9FE7A08D9D09DBB49A211BD3478715E894800605 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52196 |
Entropy (8bit): | 2.100276099272835 |
Encrypted: | false |
SSDEEP: | 384:M5/e3Pu10D2Mc31XAU7gB4PxVTnaRsjX9e:A/e3PQXAU7gBEVrH9e |
MD5: | EB05BCAEF80D6506CB224436AABDF23B |
SHA1: | B7C399B3652175ED0C13349064A4CF82B73C046E |
SHA-256: | BDB78C5C68739527F64F8F5E4D02722E7EA16A59BBD7D51F06ABF43325A2F24D |
SHA-512: | 936320A6FF6E732E18C93E04C5B05D50F7B70B34AB4C9635D34736AC5C4C352CF0E136081159EBCCEC17F523274BF70E57AA8111F379CCFD281B09C6FEE9229C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8362 |
Entropy (8bit): | 3.6863479858171404 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNigz6r7Xc6YeCSUD0gmf+RSyiQ+pDN89baIsfSem:RrlsNiU6r7Xc6Y7SUD0gmf+RSyVa7fi |
MD5: | DFAD9C1AB9D806D7B01DDAFAF8ACD34B |
SHA1: | 59C0AD8ACF214B2EC64EDB2751E98CC159245C4F |
SHA-256: | D8CF1907D1E9B46F8EE1D90E6377FEFFF34A6C16582A972DCD1BFF26AAC5773E |
SHA-512: | FF618E82D4383B86F4B4890346DDC2A6560574049B129190433E860FBA7C2F18C6F2F9E50E035282AF48344E144C4A6E91F422AFF04B1290842E6A9112DB99DB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4659 |
Entropy (8bit): | 4.417019346367334 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsEJgtWI9vvWgc8sqYjU8fm8M4JtNJF1x+q8vvNzKcQIcQwj4d:uITfCI+grsqY9JjKNKkwj4d |
MD5: | 2458C14FABB503C2EC5BB679358ACBD3 |
SHA1: | 590750A58C4B7D08D8C7FE6982917D1BAB14D0AD |
SHA-256: | 8FD99E797CDF7937C7E653E9AD6B551FABBE95EDF2CB2EF18F67EF9CD202844D |
SHA-512: | A83B9728E50562E8BF64A8FC9A85B9D56C0325C70AE47A7743B6182E11D29DB0FACBABC37225D107561232D97C972C599234E24221E2111D1D73AE1461811A9C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54232 |
Entropy (8bit): | 2.031946433338903 |
Encrypted: | false |
SSDEEP: | 192:1S5RU7kxSJ1O5SkbJYh0aKyiM2PDdAQtnq/v8wYVuedFZCATN3cm:qxF5Lb002J2PDdAQQYVuy3Nsm |
MD5: | AA44E92E0176A2ACF98F8858692C0ABD |
SHA1: | E9BDE845E0E90E3192DFA6783BB156990C18928A |
SHA-256: | 17232689A5E7C9B99F13C02CD1ED79D7AB4A9414B95E3EF370C1D5EDD10EBAEB |
SHA-512: | 4DD89C5418B9D451B5B5A7C3F1CF7B12896271731D551D6623007BF1770E81F2165095971E5C4C07C0BDD50D2B831E6A1207D74FAA28463ABDA40F71DC864C74 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8346 |
Entropy (8bit): | 3.6859501652550146 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiGN60zl66YgD067b/Mgmf8kRSKQ+pDH89bd0sfYfm:RrlsNic696Yq067b/Mgmf8kRS/dnfN |
MD5: | 80A5435F92AC764FD43A4D26D0F6A498 |
SHA1: | 5EE6E7A91C9586B919A870876DC2279EAD34A071 |
SHA-256: | 227B42D87F9C480DC3373FD2FA6DFF47CF3BC75DFFAB293D8B51A4CE7A778BB8 |
SHA-512: | 7DB8567B178598F64A7E32428578D55C7C9DA6F6A084A5468701F47D15D3B11597BAAD31DA5BAC9EE7D6F4FBA38DB2F5739E855C685EE7D856B07ED82B5DA378 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4731 |
Entropy (8bit): | 4.438037024201743 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsEJgtWI9vvWgc8sqYjU8fm8M4JCdsNJFuDo+q8vjsNLA4SrSKd:uITfCI+grsqYlJwoKkADWKd |
MD5: | C3E1CAEDBAABCB26F01B8D4816EAA26E |
SHA1: | CBB46BBC8F6DD48E9BE7836B93512ED62F541225 |
SHA-256: | E7C3546CE9687DA3F667E49464BBACA4514BE6A1145C2C202B1D143B70E71CCD |
SHA-512: | C822A0B7AE5BE0256C50D4084036B6541CD09B271BA0E75E8CBD8F1B0F0F97C484B518A7B713582FB0B4B840C4540FAEFDE2568B8D342BD0CD044134ABD0119A |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.996288147606643 |
TrID: | |
File name: | 5iiXyNVCQ3.dll |
File size: | 346783 |
MD5: | 73c06c75bd9aa0a194b0dc73ab38cac5 |
SHA1: | 7604d4be31e6c017e3bd9a1e5590a81a7aafb40f |
SHA256: | fde687287ef8cd7e6a6ce655355eaca2fba25fd6c22cc1e4040281f73205ba90 |
SHA512: | c8abaea48abc45fdb8c20ee1945494c42e0e3cd487723f48bd34f31fd31833a94deb38796397c8359fb3123e028a99ab5e8e05438399dcc34ae65d522f78487a |
SSDEEP: | 6144:nuPt5aWk+Y/3hINHl9bVKRI0cZ+rmSM2DTlMVfPshRkj7ITKWVE3Rr1BdFnIi3Dq:nq5ayQRIBPQpx4MKVfPcEMeW4r1r1q2Q |
TLSH: | B174229DD43BBC04C24357F491121B930F57BD5CDAA2206572FE2DF6881AE205FB2EA6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... .L`N.L`N.L`N.7|B.M`N..o..N`N..|@.N`N.#.J.N`N...D.N`N.L`O."`N..o.._`N.zFE.z`N.L`N.M`N...E.O`N...J.M`N.RichL`N................ |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x1008354e |
Entrypoint Section: | .nsp1 |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL |
DLL Characteristics: | |
Time Stamp: | 0x5862801B [Tue Dec 27 14:52:11 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 99eb8dcfbd1a7e02dc8bf9d49c4aa67c |
Instruction |
---|
pushfd |
pushad |
call 00007F9124999295h |
pop ebp |
mov eax, 00000007h |
sub ebp, eax |
lea esi, dword ptr [ebp-00000272h] |
mov al, byte ptr [esi] |
cmp al, 00h |
je 00007F91249992A4h |
mov esi, ebp |
lea esi, dword ptr [ebp-0000024Ah] |
mov al, byte ptr [esi] |
cmp al, 01h |
je 00007F91249994D8h |
mov byte ptr [esi], 00000001h |
mov edx, ebp |
sub edx, dword ptr [ebp-000002B6h] |
mov dword ptr [ebp-000002B6h], edx |
add dword ptr [ebp-00000286h], edx |
lea esi, dword ptr [ebp-00000242h] |
add dword ptr [esi], edx |
pushad |
push 00000040h |
push 00001000h |
push 00001000h |
push 00000000h |
call dword ptr [ebp-0000020Eh] |
test eax, eax |
je 00007F9124999600h |
mov dword ptr [ebp-0000028Eh], eax |
call 00007F9124999295h |
pop ebx |
mov ecx, 00000368h |
add ebx, ecx |
push eax |
push ebx |
call 00007F9124999546h |
popad |
mov esi, dword ptr [esi] |
mov edi, ebp |
add edi, dword ptr [ebp-000002C6h] |
mov ebx, edi |
cmp dword ptr [edi], 00000000h |
jne 00007F912499929Ch |
add edi, 04h |
mov ecx, 00000000h |
jmp 00007F91249992A8h |
mov ecx, 00000001h |
add edi, dword ptr [ebx] |
add ebx, 04h |
cmp dword ptr [ebx], 00000000h |
je 00007F91249992C8h |
add dword ptr [ebx], edx |
mov esi, dword ptr [ebx] |
add edi, dword ptr [ebx+04h] |
push edi |
push ecx |
push edx |
push ebx |
push dword ptr [ebp-0000020Ah] |
push dword ptr [ebp-0000020Eh] |
mov edx, esi |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x83e66 | 0x3e | .nsp1 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x83380 | 0xa0 | .nsp1 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x83000 | 0x288 | .nsp1 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x83ea4 | 0x8 | .nsp1 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.nsp0 | 0x1000 | 0x82000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.nsp1 | 0x83000 | 0x55000 | 0x5469f | False | 0.9981345387972548 | data | 7.998366920306635 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.nsp2 | 0xd8000 | 0x1747 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x83058 | 0x230 | data | Chinese | China |
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
USER32.DLL | DispatchMessageA |
ADVAPI32.DLL | RegCloseKey |
WS2_32.DLL | WSAStartup |
SHLWAPI.DLL | PathFileExistsA |
MSVCRT.DLL | ??3@YAXPAX@Z |
SHELL32.DLL | SHGetSpecialFolderPathA |
Name | Ordinal | Address |
---|---|---|
unll | 1 | 0x10008e14 |
Language of compilation system | Country where language is spoken |
---|---|
Chinese | China |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/03/22-12:35:13.698250 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 56572 | 53 | 192.168.2.4 | 8.8.8.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 3, 2022 12:35:14.111439943 CET | 49695 | 5658 | 192.168.2.4 | 208.100.26.242 |
Nov 3, 2022 12:35:14.234112024 CET | 5658 | 49695 | 208.100.26.242 | 192.168.2.4 |
Nov 3, 2022 12:35:14.234241962 CET | 49695 | 5658 | 192.168.2.4 | 208.100.26.242 |
Nov 3, 2022 12:35:14.356290102 CET | 5658 | 49695 | 208.100.26.242 | 192.168.2.4 |
Nov 3, 2022 12:35:14.356889009 CET | 49695 | 5658 | 192.168.2.4 | 208.100.26.242 |
Nov 3, 2022 12:35:14.448417902 CET | 49695 | 5658 | 192.168.2.4 | 208.100.26.242 |
Nov 3, 2022 12:35:14.570745945 CET | 5658 | 49695 | 208.100.26.242 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 3, 2022 12:35:13.698250055 CET | 56572 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 3, 2022 12:35:14.096695900 CET | 53 | 56572 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 3, 2022 12:35:13.698250055 CET | 192.168.2.4 | 8.8.8.8 | 0xdf81 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 3, 2022 12:35:14.096695900 CET | 8.8.8.8 | 192.168.2.4 | 0xdf81 | No error (0) | | | 208.100.26.242 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 12:35:08 |
Start date: | 03/11/2022 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1230000 |
File size: | 116736 bytes |
MD5 hash: | 1F562FBF37040EC6C43C8D5EF619EA39 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Target ID: | 1 |
Start time: | 12:35:09 |
Start date: | 03/11/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c72c0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 12:35:09 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd90000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 12:35:09 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1120000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 4 |
Start time: | 12:35:09 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1120000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 5 |
Start time: | 12:35:09 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x12b0000 |
File size: | 44520 bytes |
MD5 hash: | FA6C268A5B5BDA067A901764D203D433 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 6 |
Start time: | 12:35:09 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x12b0000 |
File size: | 44520 bytes |
MD5 hash: | FA6C268A5B5BDA067A901764D203D433 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 7 |
Start time: | 12:35:12 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\svchost.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x12b0000 |
File size: | 44520 bytes |
MD5 hash: | FA6C268A5B5BDA067A901764D203D433 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 10 |
Start time: | 12:35:15 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 12 |
Start time: | 12:35:17 |
Start date: | 03/11/2022 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 19.6% |
Dynamic/Decrypted Code Coverage: | 1.5% |
Signature Coverage: | 37.2% |
Total number of Nodes: | 779 |
Total number of Limit Nodes: | 19 |
Function 10003356 Relevance: 37.0, APIs: 22, Instructions: 4041, Tags: COMMON
Function 100013D3 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299, Tags: thread, library, COMMON
Function 1000300A Relevance: 4.7, APIs: 3, Instructions: 220, Tags: file, COMMON
Function 10002D31 Relevance: 3.3, APIs: 2, Instructions: 258, Tags: COMMON
Function 1000A7B0 Relevance: 16.7, APIs: 11, Instructions: 162, Tags: registry, string, COMMON
Function 1000B390 Relevance: 13.6, APIs: 9, Instructions: 113, Tags: library, window, string, COMMON
Function 100096A0 Relevance: 6.0, APIs: 4, Instructions: 43, Tags: file, COMMON
Function 100835C2 Relevance: 3.2, APIs: 2, Instructions: 209, Tags: memory, COMMON
Function 10009730 Relevance: 1.6, APIs: 1, Instructions: 57, Tags: COMMON
Function 10009710 Relevance: 1.5, APIs: 1, Instructions: 6, Tags: COMMON
Function 10083555 Relevance: 1.3, APIs: 1, Instructions: 32, Tags: memory, COMMON
Function 10008779 Relevance: 3.4, APIs: 2, Instructions: 417, Tags: COMMON
Function 10006272 Relevance: 3.3, APIs: 2, Instructions: 293, Tags: thread, COMMON
Function 10008C8B Relevance: 3.1, APIs: 2, Instructions: 115, Tags: COMMON
Function 10005D6F Relevance: 3.1, APIs: 2, Instructions: 86, Tags: COMMON
Function 10005F47 Relevance: 3.1, APIs: 2, Instructions: 85, Tags: string, COMMON
Function 10005E5F Relevance: 2.6, APIs: 2, Instructions: 79, Tags: COMMON
Function 10001F4E Relevance: 1.9, APIs: 1, Instructions: 415, Tags: COMMON
Function 1000283C Relevance: 1.8, APIs: 1, Instructions: 340, Tags: COMMON
Function 1000667B Relevance: 1.6, APIs: 1, Instructions: 83, Tags: COMMON
Function 10006984 Relevance: 1.6, APIs: 1, Instructions: 82, Tags: memory, COMMON
Function 100065CF Relevance: 1.6, APIs: 1, Instructions: 61, Tags: COMMON
Function 100061D0 Relevance: 1.6, APIs: 1, Instructions: 52, Tags: COMMON
Function 100068F2 Relevance: 1.5, APIs: 1, Instructions: 30, Tags: memory, COMMON
Function 1000676C Relevance: .1, Instructions: 117, Tags: COMMON
Function 100017B4 Relevance: .0, Instructions: 25, Tags: COMMON
Function 10007FBF Relevance: .0, Instructions: 18, Tags: COMMON
Function 1000A370 Relevance: 7.7, APIs: 6, Instructions: 208, Tags: COMMON
Function 1000BAB0 Relevance: 6.1, APIs: 4, Instructions: 87, Tags: COMMON
Execution Graph
Execution Coverage: | 16.2% |
Dynamic/Decrypted Code Coverage: | 1.6% |
Signature Coverage: | 0% |
Total number of Nodes: | 765 |
Total number of Limit Nodes: | 19 |
Function 10003356 Relevance: 25.0, APIs: 14, Instructions: 4041, Tags: COMMON
Function 100013D3 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299, Tags: thread, library, COMMON
Function 10002D31 Relevance: 4.8, APIs: 3, Instructions: 258, Tags: COMMON
Function 1000300A Relevance: 4.7, APIs: 3, Instructions: 220, Tags: file, COMMON
Function 10005E5F Relevance: 4.6, APIs: 3, Instructions: 79, Tags: COMMON
Function 1000A7B0 Relevance: 16.7, APIs: 11, Instructions: 162, Tags: registry, string, COMMON
Function 1000B390 Relevance: 13.6, APIs: 9, Instructions: 113, Tags: library, window, string, COMMON
Function 100096A0 Relevance: 6.0, APIs: 4, Instructions: 43, Tags: file, COMMON
Function 100835C2 Relevance: 3.2, APIs: 2, Instructions: 209memoryCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100094C0 Relevance: 3.0, APIs: 2, Instructions: 24memoryCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC05A9 Relevance: 2.6, APIs: 2, Instructions: 76memoryCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10009710 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10083555 Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000A370 Relevance: 7.7, APIs: 6, Instructions: 208COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000BAB0 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: 15.5%
Dynamic/Decrypted Code Coverage: 1.6%
Signature Coverage: 0%
Total number of Nodes: 764
Total number of Limit Nodes: 19
Function 10003356 Relevance: 25.0, APIs: 14, Instructions: 4041, Tags: COMMON
Function 100013D3 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 299, Tags: thread, library, COMMON
Function 1000300A Relevance: 4.7, APIs: 3, Instructions: 220, Tags: file, COMMON
Function 10005E5F Relevance: 4.6, APIs: 3, Instructions: 79, Tags: COMMON
Function 10002D31 Relevance: 3.3, APIs: 2, Instructions: 258, Tags: COMMON
Function 1000A7B0 Relevance: 16.7, APIs: 11, Instructions: 162, Tags: registry, string, COMMON
Function 1000B390 Relevance: 13.6, APIs: 9, Instructions: 113, Tags: library, window, string, COMMON
Function 100096A0 Relevance: 6.0, APIs: 4, Instructions: 43, Tags: file, COMMON
Function 100835C2 Relevance: 3.2, APIs: 2, Instructions: 209, Tags: memory, COMMON
Function 100094C0 Relevance: 3.0, APIs: 2, Instructions: 24, Tags: memory, COMMON
Function 001F05A9 Relevance: 2.6, APIs: 2, Instructions: 76, Tags: memory, COMMON
Function 10009390 Relevance: 1.5, APIs: 1, Instructions: 14, Tags: COMMON
Function 10009710 Relevance: 1.5, APIs: 1, Instructions: 6, Tags: COMMON
Function 10083555 Relevance: 1.3, APIs: 1, Instructions: 32, Tags: memory, COMMON
Function 1000A370 Relevance: 7.7, APIs: 6, Instructions: 208, Tags: COMMON
Function 1000BAB0 Relevance: 6.1, APIs: 4, Instructions: 87, Tags: COMMON
Execution Graph
Execution Coverage: 3%
Dynamic/Decrypted Code Coverage: 1.1%
Signature Coverage: 25.2%
Total number of Nodes: 1076
Total number of Limit Nodes: 52
Function 00418600 Relevance: 18.3, APIs: 12, Instructions: 273, Tags: thread, window, network, COMMON, Crypto, C-Code Quality: 84%
Function 0046D210 Relevance: 16.6, APIs: 11, Instructions: 106, Tags: time, COMMON, C-Code Quality: 100%
Function 0048D74C Relevance: 6.1, APIs: 4, Instructions: 63, Tags: COMMON, C-Code Quality: 90%
Function 004688C0 Relevance: 4.8, APIs: 3, Instructions: 264, Tags: COMMON, C-Code Quality: 84%
Function 0048551D Relevance: 3.0, APIs: 2, Instructions: 27, Tags: native, COMMON, C-Code Quality: 58%
Function 00484D30 Relevance: 1.5, APIs: 1, Instructions: 30, Tags: COMMON, C-Code Quality: 45%
Function 0047C0DA Relevance: 1.5, APIs: 1, Instructions: 4, Tags: COMMON, C-Code Quality: 100%
Function 0040741D Relevance: 0.1, Instructions: 55, Tags: COMMON
Function 00484F5C Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 170, Tags: string, COMMON, C-Code Quality: 82%
Function 0043C3F0 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 370, Tags: com, memory, thread, COMMON, C-Code Quality: 83%
Function 0040AFF0 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 276, Tags: registry, COMMON, C-Code Quality: 93%
Function 0048C8E0 Relevance: 15.1, APIs: 10, Instructions: 99, Tags: memory, COMMON, LIBRARYCODE, C-Code Quality: 35%
Function 0047D13F Relevance: 13.7, APIs: 9, Instructions: 221, Tags: COMMON, C-Code Quality: 86%
Function 004891F9 Relevance: 9.0, APIs: 6, Instructions: 35, Tags: COMMON, C-Code Quality: 84%
Function 0040B4C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43, Tags: network, COMMON, C-Code Quality: 50%
Function 00487FCD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27, Tags: thread, COMMON, C-Code Quality: 88%
Function 00485152 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25, Tags: thread, COMMON, C-Code Quality: 47%
Function 0040B480 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18, Tags: network, COMMON, C-Code Quality: 100%
Function 0050AC53 Relevance: 3.2, APIs: 2, Instructions: 209, Tags: memory, COMMON, C-Code Quality: 48%
Function 004839C2 Relevance: 3.1, APIs: 2, Instructions: 107, Tags: file, COMMON, C-Code Quality: 86%
Function 0040B7F0 Relevance: 3.0, APIs: 2, Instructions: 37, Tags: memory, COMMON, C-Code Quality: 93%
Function 0048D4A3 Relevance: 3.0, APIs: 2, Instructions: 32, Tags: COMMON, C-Code Quality: 100%
Function 00474E11 Relevance: 3.0, APIs: 2, Instructions: 30, Tags: memory, COMMON, C-Code Quality: 94%
Function 00483ADF Relevance: 3.0, APIs: 2, Instructions: 22, Tags: file, COMMON, C-Code Quality: 100%
Function 00483B64 Relevance: 3.0, APIs: 2, Instructions: 16, Tags: COMMON, C-Code Quality: 100%
Function 012805A9 Relevance: 2.6, APIs: 2, Instructions: 76, Tags: memory, COMMON
Function 00484AB9 Relevance: 1.6, APIs: 1, Instructions: 73, Tags: COMMON, C-Code Quality: 100%
Function 004851E0 Relevance: 1.6, APIs: 1, Instructions: 72, Tags: COMMON, C-Code Quality: 89%
Function 0041B060 Relevance: 1.5, APIs: 1, Instructions: 20, Tags: memory, COMMON, C-Code Quality: 100%
Function 004200E0 Relevance: 1.5, APIs: 1, Instructions: 7, Tags: window, COMMON, C-Code Quality: 100%
Function 0050ABE6 Relevance: 1.3, APIs: 1, Instructions: 39, Tags: memory, COMMON, C-Code Quality: 56%
Function 00468E90 Relevance: 99.3, APIs: 2, Strings: 54, Instructions: 1347, Tags: COMMON, Crypto, C-Code Quality: 69%
Function 00416460 Relevance: 55.2, APIs: 29, Strings: 2, Instructions: 979, Tags: window, COMMON, Crypto, C-Code Quality: 96%
Function 00440AB0 Relevance: 32.8, Strings: 26, Instructions: 305, Tags: COMMON
Function 0041EDD0 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 93, Tags: library, loader, window, COMMON, C-Code Quality: 87%
Function 004181F0 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 310, Tags: library, registry, loader, COMMON, C-Code Quality: 63%
Function 00484376 Relevance: 13.6, APIs: 9, Instructions: 113, Tags: COMMON, C-Code Quality: 95%
Function 00472C10 Relevance: 4.6, APIs: 3, Instructions: 75, Tags: time, COMMON, C-Code Quality: 87%
Function 0041EED0 Relevance: 3.0, APIs: 2, Instructions: 16, Tags: file, COMMON, C-Code Quality: 100%
Function 00494D1E Relevance: 2.4, Instructions: 2355, Tags: COMMON, Crypto, C-Code Quality: 60%
Function 0047E7DC Relevance: 1.5, APIs: 1, Instructions: 37, Tags: COMMON, C-Code Quality: 84%
Function 0047EA67 Relevance: 1.5, APIs: 1, Instructions: 22, Tags: COMMON, C-Code Quality: 89%
Function 0047EB7A Relevance: 1.5, APIs: 1, Instructions: 15, Tags: COMMON, C-Code Quality: 84%
Function 0047C0EC Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
Function 00466C7E Relevance: 0.5, Instructions: 514, Tags: COMMON
Function 00466ECE Relevance: 0.5, Instructions: 514, Tags: COMMON
Function 004520B0 Relevance: 0.4, Instructions: 386, Tags: COMMON
Function 004527B0 Relevance: 0.4, Instructions: 382, Tags: COMMON
Function 00450B90 Relevance: 0.4, Instructions: 364, Tags: COMMON
Function 004645F0 Relevance: 0.3, Instructions: 346, Tags: COMMON
Function 00458D70 Relevance: 0.3, Instructions: 346, Tags: COMMON
Function 004684F0 Relevance: 0.3, Instructions: 321, Tags: COMMON
Function 004661F0 Relevance: 0.3, Instructions: 295, Tags: COMMON
Function 004642C0 Relevance: 0.3, Instructions: 274, Tags: COMMON
Function 004588D0 Relevance: 0.3, Instructions: 274, Tags: COMMON
Function 00478F66 Relevance: 0.3, Instructions: 259, Tags: COMMON
Function 0045E260 Relevance: 0.2, Instructions: 229, Tags: COMMON
Function 00452580 Relevance: 0.2, Instructions: 209, Tags: COMMON
Function 00450350 Relevance: 0.2, Instructions: 178, Tags: COMMON
Function 00465040 Relevance: 0.1, Instructions: 127, Tags: COMMON
Function 0043A9F0 Relevance: 95.0, APIs: 53, Strings: 1, Instructions: 459, Tags: window, sleep, COMMON, C-Code Quality: 92%
Function 0040E3C0 Relevance: 31.9, APIs: 16, Strings: 2, Instructions: 384, Tags: window, COMMON, C-Code Quality: 91%
Function 0043D0D0 Relevance: 31.7, APIs: 21, Instructions: 205, Tags: COMMON, C-Code Quality: 57%
Function 00438210 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 255, Tags: window, COMMON, C-Code Quality: 90%
Function 00486B88 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174, Tags: window, COMMON, C-Code Quality: 90%
Function 0043A6C0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 185, Tags: window, COMMON, C-Code Quality: 89%
Function 0043CCF0 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 331, Tags: thread, COMMON, C-Code Quality: 85%
Function 00448240 Relevance: 16.8, APIs: 11, Instructions: 258, Tags: COMMON, C-Code Quality: 93%
Function 00422700 Relevance: 15.3, APIs: 10, Instructions: 288, Tags: COMMON, C-Code Quality: 85%
Function 00420FD0 Relevance: 15.2, APIs: 10, Instructions: 179, Tags: COMMON, C-Code Quality: 100%
Function 004385C0 Relevance: 15.1, APIs: 10, Instructions: 86, Tags: COMMON, C-Code Quality: 100%
Function 00474EA7 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100, Tags: file, COMMON, LIBRARYCODE, C-Code Quality: 96%
Function 0047C902 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50, Tags: library, loader, COMMON, LIBRARYCODE, C-Code Quality: 46%
Function 0048705A Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42, Tags: library, loader, COMMON, C-Code Quality: 40%
Function 004783D4 Relevance: 13.7, APIs: 9, Instructions: 177, Tags: COMMON, C-Code Quality: 61%
Function 00420D70 Relevance: 13.6, APIs: 9, Instructions: 118, Tags: COMMON, C-Code Quality: 100%
Function 0042A1D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93, Tags: network, COMMON, C-Code Quality: 20%
Function 00462670 Relevance: 12.3, APIs: 8, Instructions: 306, Tags: COMMON, C-Code Quality: 70%
Function 004748E0 Relevance: 12.1, APIs: 8, Instructions: 132, Tags: COMMON, C-Code Quality: 100%
Function 0047C0F8 Relevance: 9.1, APIs: 6, Instructions: 117, Tags: COMMON, C-Code Quality: 78%
Function 00424BE0 Relevance: 9.1, APIs: 6, Instructions: 100, Tags: COMMON, C-Code Quality: 80%
Function 0048CA4F Relevance: 9.1, APIs: 6, Instructions: 85, Tags: memory, COMMON, LIBRARYCODE, C-Code Quality: 40%
Function 0048AE61 Relevance: 9.1, APIs: 6, Instructions: 67, Tags: COMMON, C-Code Quality: 100%
Function 00432350 Relevance: 9.1, APIs: 6, Instructions: 54, Tags: COMMON, C-Code Quality: 72%
Function 0048A866 Relevance: 9.0, APIs: 6, Instructions: 48, Tags: window, COMMON, C-Code Quality: 100%
Function 0048A780 Relevance: 9.0, APIs: 6, Instructions: 46, Tags: COMMON, C-Code Quality: 42%
Function 0046E090 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 211, Tags: library, loader, COMMON, C-Code Quality: 87%
Function 0048ACE9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87, Tags: window, COMMON, C-Code Quality: 100%
Function 00418BA0 Relevance: 7.9, APIs: 5, Instructions: 351, Tags: COMMON, C-Code Quality: 92%
Function 004727BB Relevance: 7.8, APIs: 5, Instructions: 278, Tags: COMMON, C-Code Quality: 68%
Function 0041EA90 Relevance: 7.7, APIs: 5, Instructions: 196, Tags: window, COMMON, C-Code Quality: 96%
Function 00474A12 Relevance: 7.6, APIs: 5, Instructions: 150, Tags: COMMON, C-Code Quality: 99%
Function 0041CBB0 Relevance: 7.6, APIs: 5, Instructions: 104, Tags: window, COMMON, C-Code Quality: 100%
Function 0041E920 Relevance: 7.6, APIs: 5, Instructions: 90, Tags: COMMON, C-Code Quality: 96%
Function 0040C7C0 Relevance: 7.6, APIs: 5, Instructions: 86, Tags: COMMON, C-Code Quality: 83%
Function 00474C35 Relevance: 7.5, APIs: 5, Instructions: 38, Tags: thread, COMMON, LIBRARYCODE, C-Code Quality: 100%
Function 0048C889 Relevance: 7.5, APIs: 5, Instructions: 35, Tags: COMMON, C-Code Quality: 79%
Function 0048CF0C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97, Tags: COMMON, LIBRARYCODE, C-Code Quality: 95%
Function 0041C270 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 86, Tags: window, COMMON, C-Code Quality: 94%
Function 0043CBB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75, Tags: synchronization, COMMON, C-Code Quality: 45%
Function 00438EF0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63, Tags: window, COMMON, C-Code Quality: 61%
Function 0048CDC2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58, Tags: thread, COMMON, C-Code Quality: 96%
C-Code - Quality: 16% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048A70B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON
C-Code - Quality: 37% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0047504A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON
C-Code - Quality: 67% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00481077 Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 303stringCOMMON
C-Code - Quality: 70% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00428EB0 Relevance: 6.2, APIs: 4, Instructions: 246COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426FC0 Relevance: 6.2, APIs: 4, Instructions: 169windowCOMMON
C-Code - Quality: 78% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043AF80 Relevance: 6.2, APIs: 4, Instructions: 162COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C490 Relevance: 6.1, APIs: 4, Instructions: 144windowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0047AF68 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432DA0 Relevance: 6.1, APIs: 4, Instructions: 108windowCOMMON
C-Code - Quality: 88% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00446F10 Relevance: 6.1, APIs: 4, Instructions: 100windowCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004125A0 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048CB55 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
C-Code - Quality: 24% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414500 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00478DBA Relevance: 6.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00482230 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004862EB Relevance: 6.0, APIs: 4, Instructions: 49COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00486364 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
C-Code - Quality: 64% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004804CA Relevance: 6.0, APIs: 4, Instructions: 43COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00486A53 Relevance: 6.0, APIs: 4, Instructions: 43COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048A7F5 Relevance: 6.0, APIs: 4, Instructions: 29stringCOMMON
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041AA80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44synchronizationCOMMON
C-Code - Quality: 94% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0048A693 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |