Windows
Analysis Report
ts.exe_
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- ts.exe (PID: 3664 cmdline: C:\Users\user\Desktop\ts.exe MD5: AD57D446C107B5ABD83B6180456CD0DD)
  - conhost.exe (PID: 4724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | |
| Windows_Trojan_Emotet_db7d33fa | unknown | unknown | |
AV Detection |
E-Banking Fraud |
System Summary |
Stealing of Sensitive Information |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1213146 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1251140 |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1251140 | Download File |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 745562 |
Start date and time: | 2022-11-14 14:05:50 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ts.exe_ (renamed file extension from exe_ to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 5 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.troj.winEXE@2/3@0/0 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
- Not all processes were analyzed, report is missing behavior information
Process: | C:\Users\user\Desktop\ts.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 121344 |
Entropy (8bit): | 6.020791170598696 |
Encrypted: | false |
SSDEEP: | 3072:dvsJ1yYfWqzIcJ6+R8uQyUtjt8F+8uYW5j:R4cYfWqzr4+R8xZCF+dJ |
MD5: | 726E5AA7D5929BDC85333E966770FF1A |
SHA1: | B43E1A8CF31AD480EC2AE01420E2017488993A8F |
SHA-256: | 89BE65452EA9DC74134F60311D57B84956D149C600C89801FB152BB04420B16B |
SHA-512: | 1E69593638B9735C3F7E1E0AE49705B8A10F833D65B9D754973FFF4EDB48DBD270C60E7D157D92F0E42E228C91FCFF2B32D1B1C7F8E4119CA2CBDBBFF70F7FE4 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\ts.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 95232 |
Entropy (8bit): | 6.655206296626177 |
Encrypted: | false |
SSDEEP: | 1536:UTPDxXuEznF2kuaKvu0By22/uTjKd0ovxVg0pJvHj4o0iplGnn5A:UbDx+ELlKtG/u69rj4TiplG5 |
MD5: | 5D182B467B4894159F9A4E956A381B67 |
SHA1: | 0A610C6DE3419CE165D05D770637C8084D584FFD |
SHA-256: | ED2239E28A20674D772109DB4F302F7240491FBBC1FB3AD8F30071A6A66736BA |
SHA-512: | E6067624F570C40FF0EF2B084F60343379BC83400816217496ACB0897FECB9F4A892CDF4087B27B2E3E58BA0A8873E5CEE6CE8C15B414FC590BE69A6B56B55B4 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\ts.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 619 |
Entropy (8bit): | 5.332868847941536 |
Encrypted: | false |
SSDEEP: | 12:RkjUJY/Ux2UA7FrPHOqF9ptE+7i6x6s+0+5v0aYJ4Cjp5KbJzS+Fo6:mjT/cj2POwTql35vNCp5szS6o6 |
MD5: | DD2DA9843BF632309924DC6CC54B6DDC |
SHA1: | 471B4075C9C6D86B94CA1DC43413222F925854FD |
SHA-256: | B114B49E322D0D6425F9A555C21BF4C0DEC2E423EE4009BB4B4A099901EAC96C |
SHA-512: | FBEFB8EC50D8D879D75D3DFD6399F744D3C72316A425758C13D82DA0992B96B1E9BF951220A0149A010A2B84E10D8FB69CA8C71590ABE172989EF82357C12540 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.442416778819568 |
TrID: |
|
File name: | ts.exe |
File size: | 744981 |
MD5: | ad57d446c107b5abd83b6180456cd0dd |
SHA1: | 8e277fb9bc97bedc7f7f4ba4390cc36702d87b7c |
SHA256: | 58d9d7c2d4a4140bbdc16c9b6ab1b56244ebc8b1c3eaa1fc63386bbce7acdb4c |
SHA512: | 35eaa45de9906131f0020640f11eeef46e10244c09c67018a4723cf4932fc3662fbdb61e230f96ce10f47adb12d46e1cf6dc365c79c92c87b1a2679f222a1983 |
SSDEEP: | 12288:LXZ1QgQQ5KLv9Z/QN1MlFuViQic76k0d3hNnC1Pc2lBrxhirous0o3RcYeqzVR8I:LXV2EplBrPZus04p3CBdOj |
TLSH: | A8F49E56B2E903F9F5A79134C487560AE7B0784612219B9F47B04AAB1F377726E3F320 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........E........................f...................................................L.......L.n.....L.......Rich................... |
Icon Hash: | 00828e8e8686b000 |
Entrypoint: | 0x14000b2a8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x637226A2 [Mon Nov 14 11:29:38 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | d02262cfa0ab12b8c838af1a98da369c |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007F53C0C9A0ECh |
dec eax |
add esp, 28h |
jmp 00007F53C0C99897h |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
xor ecx, ecx |
call dword ptr [00056E53h] |
dec eax |
mov ecx, ebx |
call dword ptr [00056E42h] |
call dword ptr [00056E4Ch] |
dec eax |
mov ecx, eax |
mov edx, C0000409h |
dec eax |
add esp, 20h |
pop ebx |
dec eax |
jmp dword ptr [00056E40h] |
dec eax |
mov dword ptr [esp+08h], ecx |
dec eax |
sub esp, 38h |
mov ecx, 00000017h |
call dword ptr [00056E34h] |
test eax, eax |
je 00007F53C0C99A29h |
mov ecx, 00000002h |
int 29h |
dec eax |
lea ecx, dword ptr [0008F83Ah] |
call 00007F53C0C99BEEh |
dec eax |
mov eax, dword ptr [esp+38h] |
dec eax |
mov dword ptr [0008F921h], eax |
dec eax |
lea eax, dword ptr [esp+38h] |
dec eax |
add eax, 08h |
dec eax |
mov dword ptr [0008F8B1h], eax |
dec eax |
mov eax, dword ptr [0008F90Ah] |
dec eax |
mov dword ptr [0008F77Bh], eax |
dec eax |
mov eax, dword ptr [esp+40h] |
dec eax |
mov dword ptr [0008F87Fh], eax |
mov dword ptr [0008F755h], C0000409h |
mov dword ptr [0008F74Fh], 00000001h |
mov dword ptr [0008F759h], 00000001h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7a2b4 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa2000 | 0x288 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x9d000 | 0x3c9c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa3000 | 0xd8c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x725a0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x72600 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x72460 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x62000 | 0x380 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x607b8 | 0x60800 | False | 0.4547542908031088 | data | 6.494863973067288 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x62000 | 0x18e5e | 0x19000 | False | 0.440009765625 | data | 5.1869098128532585 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x7b000 | 0x214dc | 0x1fc00 | False | 0.48175289124015747 | data | 5.941625434601615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x9d000 | 0x3c9c | 0x3e00 | False | 0.4765625 | data | 5.653230312289686 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
_RDATA | 0xa1000 | 0x15c | 0x200 | False | 0.41796875 | data | 3.3314562870393805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xa2000 | 0x288 | 0x400 | False | 0.33203125 | data | 3.8449104178415685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa3000 | 0xd8c | 0xe00 | False | 0.46791294642857145 | data | 5.39595888202804 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0xa2060 | 0x224 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (488), with CRLF line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | CryptGetHashParam, CryptDestroyHash, CryptHashData, CryptCreateHash, CryptAcquireContextW, CryptReleaseContext |
KERNEL32.dll | ReadFile, VirtualFree, WriteFile, VirtualAlloc, CreateToolhelp32Snapshot, CreateEventW, Sleep, GetLastError, CreateFileA, LoadLibraryA, DeleteFileA, CloseHandle, Module32FirstW, GetFileSize, Module32NextW, GetTickCount, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, GetModuleHandleW, GetProcAddress, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, MultiByteToWideChar, WideCharToMultiByte, InitializeCriticalSectionEx, EncodePointer, DecodePointer, GetStringTypeW, LCMapStringEx, GetLocaleInfoEx, CompareStringEx, GetCPInfo, RtlUnwind, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetCommandLineA, GetCommandLineW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, HeapAlloc, HeapFree, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetProcessHeap, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, GetTimeZoneInformation, HeapSize, CreateFileW, WriteConsoleW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 14:06:45 |
Start date: | 14/11/2022 |
Path: | C:\Users\user\Desktop\ts.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a5880000 |
File size: | 744981 bytes |
MD5 hash: | AD57D446C107B5ABD83B6180456CD0DD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 14:06:45 |
Start date: | 14/11/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 8.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 42.2% |
Total number of Nodes: | 1253 |
Total number of Limit Nodes: | 31 |
Graph
Function 00007FF7A58A46E8 Relevance: 81.8, APIs: 54, Instructions: 808COMMONCrypto
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58A3A40 Relevance: 81.8, APIs: 54, Instructions: 808COMMONCrypto
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5883DF0 Relevance: 70.6, APIs: 15, Strings: 25, Instructions: 563libraryCOMMONCrypto
Control-flow Graph
C-Code - Quality: 49% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5890B06 Relevance: 31.8, APIs: 21, Instructions: 306COMMONCrypto
Control-flow Graph
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58828F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 128encryptionCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED66AC Relevance: 9.3, Strings: 7, Instructions: 584COMMONCrypto
Control-flow Graph
C-Code - Quality: 23% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDF51C Relevance: 6.6, Strings: 5, Instructions: 395COMMONCrypto
Control-flow Graph
C-Code - Quality: 31% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED3750 Relevance: 4.3, Strings: 3, Instructions: 562COMMONCrypto
C-Code - Quality: 79% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE5F68 Relevance: 4.1, Strings: 3, Instructions: 337COMMONCrypto
C-Code - Quality: 26% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED765C Relevance: 2.6, Strings: 2, Instructions: 90COMMONCrypto
C-Code - Quality: 43% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED3518 Relevance: 1.4, Strings: 1, Instructions: 101COMMONCrypto
C-Code - Quality: 44% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED61F4 Relevance: 1.3, Strings: 1, Instructions: 62COMMONCrypto
C-Code - Quality: 47% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5884C00 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 299COMMON
Control-flow Graph
C-Code - Quality: 53% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588AAF8 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON
Control-flow Graph
C-Code - Quality: 23% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58824E0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 120filememoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5884760 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 178COMMON
Control-flow Graph
C-Code - Quality: 65% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5881AF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 23% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 24% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE0060 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69fileCOMMON
C-Code - Quality: 46% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 42% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588AD90 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 80% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58C0A24 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CD72C Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CE104 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5882F80 Relevance: 42.5, APIs: 15, Strings: 9, Instructions: 523memoryCOMMONCrypto
C-Code - Quality: 39% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58DAEB0 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMONCrypto
C-Code - Quality: 80% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED1924 Relevance: 13.1, Strings: 10, Instructions: 649COMMONCrypto
C-Code - Quality: 34% |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D8848 Relevance: 10.8, APIs: 7, Instructions: 286COMMONLIBRARYCODECrypto
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDE234 Relevance: 10.7, Strings: 8, Instructions: 738COMMONCrypto
C-Code - Quality: 79% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D5898 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D62CC Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDBF78 Relevance: 10.3, Strings: 8, Instructions: 281COMMONCrypto
C-Code - Quality: 38% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDD710 Relevance: 10.2, Strings: 8, Instructions: 231COMMONCrypto
C-Code - Quality: 33% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE1E88 Relevance: 9.5, Strings: 7, Instructions: 739COMMONCrypto
C-Code - Quality: 45% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BE50C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588EEF4 Relevance: 8.3, APIs: 2, Strings: 2, Instructions: 1327COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED9FD0 Relevance: 8.3, Strings: 6, Instructions: 751COMMONCrypto
C-Code - Quality: 20% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED8BDC Relevance: 8.2, Strings: 6, Instructions: 714COMMONCrypto
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE3050 Relevance: 7.9, Strings: 6, Instructions: 405COMMONCrypto
C-Code - Quality: 73% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58C6830 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMONCrypto
C-Code - Quality: 69% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED250C Relevance: 7.1, Strings: 5, Instructions: 859COMMONCrypto
C-Code - Quality: 26% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED7AF0 Relevance: 6.8, Strings: 5, Instructions: 504COMMONCrypto
C-Code - Quality: 88% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588DDE8 Relevance: 6.5, APIs: 2, Strings: 1, Instructions: 1276COMMON
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE443C Relevance: 6.4, Strings: 5, Instructions: 111COMMONCrypto
C-Code - Quality: 64% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5890024 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 644COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5885FC0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 492COMMONCrypto
C-Code - Quality: 62% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED6428 Relevance: 5.1, Strings: 4, Instructions: 53COMMONCrypto
C-Code - Quality: 63% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDC480 Relevance: 4.1, Strings: 3, Instructions: 308COMMONCrypto
C-Code - Quality: 24% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE3858 Relevance: 4.0, Strings: 3, Instructions: 234COMMONCrypto
C-Code - Quality: 84% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE5B54 Relevance: 3.9, Strings: 3, Instructions: 195COMMONCrypto
C-Code - Quality: 48% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED5668 Relevance: 3.9, Strings: 3, Instructions: 156COMMONCrypto
C-Code - Quality: 37% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE45F0 Relevance: 3.9, Strings: 3, Instructions: 102COMMONCrypto
C-Code - Quality: 37% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDF28C Relevance: 3.8, Strings: 3, Instructions: 90COMMONCrypto
C-Code - Quality: 37% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED49E4 Relevance: 3.8, Strings: 3, Instructions: 88COMMONCrypto
C-Code - Quality: 37% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D2BF8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
C-Code - Quality: 29% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE05C4 Relevance: 2.7, Strings: 2, Instructions: 225COMMONCrypto
C-Code - Quality: 37% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDD1E8 Relevance: 2.7, Strings: 2, Instructions: 217COMMONCrypto
C-Code - Quality: 54% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CE614 Relevance: 2.6, Strings: 2, Instructions: 144COMMONCrypto
C-Code - Quality: 47% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED525C Relevance: 2.6, Strings: 2, Instructions: 136COMMONCrypto
C-Code - Quality: 21% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDF028 Relevance: 2.6, Strings: 2, Instructions: 103COMMONCrypto
C-Code - Quality: 45% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE4AE4 Relevance: 2.6, Strings: 2, Instructions: 100COMMONCrypto
C-Code - Quality: 37% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE5A40 Relevance: 2.6, Strings: 2, Instructions: 53COMMONCrypto
C-Code - Quality: 47% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D5BE4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D5CB4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D26B4 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE1960 Relevance: 1.5, Strings: 1, Instructions: 275COMMONCrypto
C-Code - Quality: 29% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CE164 Relevance: 1.5, Strings: 1, Instructions: 260COMMONCrypto
C-Code - Quality: 46% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BCDD0 Relevance: 1.5, Strings: 1, Instructions: 250COMMONCrypto
C-Code - Quality: 31% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BD160 Relevance: 1.5, Strings: 1, Instructions: 244COMMONCrypto
C-Code - Quality: 31% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED9D68 Relevance: 1.4, Strings: 1, Instructions: 138COMMONCrypto
C-Code - Quality: 19% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDB134 Relevance: 1.4, Strings: 1, Instructions: 118COMMONCrypto
C-Code - Quality: 35% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDE090 Relevance: 1.4, Strings: 1, Instructions: 106COMMONCrypto
C-Code - Quality: 65% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED8648 Relevance: 1.4, Strings: 1, Instructions: 101COMMONCrypto
C-Code - Quality: 65% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED17A0 Relevance: 1.3, Strings: 1, Instructions: 96COMMONCrypto
C-Code - Quality: 65% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED4604 Relevance: 1.3, Strings: 1, Instructions: 88COMMONCrypto
C-Code - Quality: 80% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDDDA0 Relevance: 1.3, Strings: 1, Instructions: 58COMMONCrypto
C-Code - Quality: 64% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED89D0 Relevance: 1.3, Strings: 1, Instructions: 45COMMONCrypto
C-Code - Quality: 31% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CC854 Relevance: .3, Instructions: 322COMMONCrypto
C-Code - Quality: 97% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BD668 Relevance: .3, Instructions: 317COMMONCrypto
C-Code - Quality: 58% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CEC94 Relevance: .2, Instructions: 198COMMONCrypto
C-Code - Quality: 47% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BC5A0 Relevance: .1, Instructions: 137COMMONCrypto
C-Code - Quality: 71% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BC788 Relevance: .1, Instructions: 137COMMONCrypto
C-Code - Quality: 71% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BC3B8 Relevance: .1, Instructions: 137COMMONCrypto
C-Code - Quality: 71% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 56% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED7908 Relevance: .1, Instructions: 124COMMONCrypto
C-Code - Quality: 84% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE415C Relevance: .1, Instructions: 123COMMONCrypto
C-Code - Quality: 72% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEE03D8 Relevance: .1, Instructions: 121COMMONCrypto
C-Code - Quality: 64% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AEDCD9C Relevance: .1, Instructions: 92COMMONCrypto
C-Code - Quality: 84% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AED6548 Relevance: .1, Instructions: 78COMMONCrypto
C-Code - Quality: 37% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588B710 Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588A020 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 151COMMON
C-Code - Quality: 26% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58950B4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 57COMMON
C-Code - Quality: 39% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BAFE4 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMONLIBRARYCODE
C-Code - Quality: 40% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D2730 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58BA85C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5894FB4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 66COMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CDB1C Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58DF27C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CDC94 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58AE038 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 165COMMON
C-Code - Quality: 69% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588A3E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 121COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5882020 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 116COMMON
C-Code - Quality: 43% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58A2EE4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON
C-Code - Quality: 45% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58CDD5C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A588A260 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114COMMON
C-Code - Quality: 48% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58A2D9C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON
C-Code - Quality: 47% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58A3070 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 94COMMON
C-Code - Quality: 55% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58823F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 42% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 54% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 36% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5889AC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126COMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A5889920 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
C-Code - Quality: 84% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D7034 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 29% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58D00C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FF7A58B6C28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |