Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 4948 cmdline:
C:\Users\u ser\Deskto p\file.exe MD5: FC0582E1CD55C0FCC0628241F7E8CE54) - gntuud.exe (PID: 5176 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\3f9045 62a0\gntuu d.exe" MD5: FC0582E1CD55C0FCC0628241F7E8CE54) - schtasks.exe (PID: 5816 cmdline:
"C:\Window s\System32 \schtasks. exe" /Crea te /SC MIN UTE /MO 1 /TN gntuud .exe /TR " C:\Users\u ser\AppDat a\Local\Te mp\3f90456 2a0\gntuud .exe" /F MD5: 15FF7D8324231381BAD48A052F85DF04) - conhost.exe (PID: 5932 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - rundll32.exe (PID: 1544 cmdline:
"C:\Window s\System32 \rundll32. exe" C:\Us ers\user\A ppData\Roa ming\56a1c 3d463f381\ cred64.dll , Main MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- gntuud.exe (PID: 5912 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\3f90456 2a0\gntuud .exe MD5: FC0582E1CD55C0FCC0628241F7E8CE54)
- gntuud.exe (PID: 1876 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\3f90456 2a0\gntuud .exe MD5: FC0582E1CD55C0FCC0628241F7E8CE54)
- gntuud.exe (PID: 1332 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\3f90456 2a0\gntuud .exe MD5: FC0582E1CD55C0FCC0628241F7E8CE54)
- gntuud.exe (PID: 996 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\3f90456 2a0\gntuud .exe MD5: FC0582E1CD55C0FCC0628241F7E8CE54)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | ||
INDICATOR_TOOL_PWS_Amady | Detects password stealer DLL. Dropped by Amadey | ditekSHen |
| |
JoeSecurity_Amadey_2 | Yara detected Amadey\'s stealer DLL | Joe Security | ||
INDICATOR_TOOL_PWS_Amady | Detects password stealer DLL. Dropped by Amadey | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
Click to see the 5 entries |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Avira: | ||
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_00420BA6 | |
Source: | Code function: | 1_2_02770E0D | |
Source: | Code function: | 11_2_00420BA6 |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | ASN Name: |
Source: | IP Address: |
Source: | String found in binary or memory: |
Source: | Code function: | 1_2_00404180 |
Source: | Code function: | 1_2_00402C70 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 1_2_0040CBD0 | |
Source: | Code function: | 1_2_00429470 | |
Source: | Code function: | 1_2_0042848D | |
Source: | Code function: | 1_2_00432890 | |
Source: | Code function: | 1_2_027786F4 | |
Source: | Code function: | 1_2_027796D7 | |
Source: | Code function: | 11_2_00429470 | |
Source: | Code function: | 11_2_0042848D | |
Source: | Code function: | 11_2_00432890 | |
Source: | Code function: | 11_2_0040CBD0 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Dropped File: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Code function: | 1_2_00418C99 | |
Source: | Code function: | 1_2_0275A75F | |
Source: | Code function: | 1_2_02768F00 | |
Source: | Code function: | 11_2_00418C99 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Key value created or modified: | Jump to behavior |
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Code function: | 1_2_00405400 |
Source: | Code function: | 1_2_00420BA6 | |
Source: | Code function: | 1_2_02770E0D | |
Source: | Code function: | 11_2_00420BA6 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 1_2_00418A67 |
Source: | Code function: | 1_2_004037D0 |
Source: | Code function: | 1_2_0041B901 | |
Source: | Code function: | 1_2_0041DF02 | |
Source: | Code function: | 1_2_0275092B | |
Source: | Code function: | 1_2_0276E169 | |
Source: | Code function: | 1_2_0276BB68 | |
Source: | Code function: | 1_2_02750D90 | |
Source: | Code function: | 11_2_0041B901 | |
Source: | Code function: | 11_2_0041DF02 |
Source: | Code function: | 1_2_00418163 | |
Source: | Code function: | 1_2_00418A67 | |
Source: | Code function: | 1_2_0041CA80 | |
Source: | Code function: | 1_2_00418BCC | |
Source: | Code function: | 1_2_027683CA | |
Source: | Code function: | 1_2_02768E33 | |
Source: | Code function: | 1_2_0276CCE7 | |
Source: | Code function: | 1_2_02768CCE | |
Source: | Code function: | 11_2_00418163 | |
Source: | Code function: | 11_2_00418A67 | |
Source: | Code function: | 11_2_0041CA80 | |
Source: | Code function: | 11_2_00418BCC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Code function: | 1_2_00403F40 |
Source: | Code function: | 1_2_00404350 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 1_2_00418887 |
Source: | Code function: | 1_2_00418CA1 |
Source: | Code function: | 1_2_00424BC4 |
Source: | Code function: | 1_2_00405400 |
Source: | Code function: | 1_2_0040CBD0 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Exploitation for Privilege Escalation | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 211 Process Injection | 2 Obfuscated Files or Information | 2 Credentials in Registry | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 Scheduled Task/Job | 2 Software Packing | 1 Credentials In Files | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 1 Masquerading | NTDS | 24 System Information Discovery | Distributed Component Object Model | 1 Email Collection | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 121 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 211 Process Injection | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | 1 System Owner/User Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1233121 | ||
100% | Avira | HEUR/AGEN.1233121 | ||
100% | Joe Sandbox ML | |||
88% | ReversingLabs | Win32.Infostealer.Decred | ||
75% | Virustotal | Browse | ||
35% | Virustotal | Browse | ||
88% | ReversingLabs | Win32.Infostealer.Decred | ||
75% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
8% | Virustotal | Browse |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
31.41.244.17 | unknown | Russian Federation | 61974 | AEROEXPRESS-ASRU | true |
IP |
---|
192.168.2.5 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 754388 |
Start date and time: | 2022-11-26 19:17:05 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | file.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.phis.spyw.evad.winEXE@12/5@0/2 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
19:18:00 | API Interceptor | |
19:18:02 | Task Scheduler |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
31.41.244.17 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AEROEXPRESS-ASRU | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\cred64[1].dll | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Process: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 129024 |
Entropy (8bit): | 6.511961466655514 |
Encrypted: | false |
SSDEEP: | 3072:ox7pOYzBekBmWDWCMq6As523HeS9FAiZ87vO2rlL3Rnm9:ox7ZNhB/dMq6AO0a7vVlT |
MD5: | ADBAF286228C46522E50371C4BE31A03 |
SHA1: | A29D644C4663B2E2B2BD92046BA0DF629537C297 |
SHA-256: | D3E9A3365F73A34E2DD9022A318ABCC2C55AF98BAFB2DC302CBB55F5398BB9A0 |
SHA-512: | 74A55CC8D8C3AF54E5BA290A34B968918DA994EA2D55B5F0D1F39E83CB9A39D73226227933C760B48F2E0BDB646F8243967517EF8202E02D88411D2D19AE217D |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 211968 |
Entropy (8bit): | 7.389735637483072 |
Encrypted: | false |
SSDEEP: | 6144:9/kH61vyrS1ccAJEsSBrVqbtkdim2qv6Wlz:9/ine9AZSnqbt4imhNlz |
MD5: | FC0582E1CD55C0FCC0628241F7E8CE54 |
SHA1: | 89FC6969C4A12F714EC051F0B69A50385062868D |
SHA-256: | 4294A6949AAC8F29179FC5CD688C88F52C6B4C5C85FE433AD11FE6E6947737C6 |
SHA-512: | 369464A7AD92D41BCB5736DEB9A6332533520EBBA19BDAFA0D93A9A026E6A26E0D46EAD8468593564DECE9D6A0F1E4CFBB5A97AC07F7C784D43D037D82CBBAEF |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 107080 |
Entropy (8bit): | 7.930494196730398 |
Encrypted: | false |
SSDEEP: | 1536:CCADD22DzOc35XWKpM6b9BWSkzkTcfulVdLM5Y1Rc1m90LH2ON68aEjCwu4EgVek:yf3FIK99BE1fko1dHta8CV4EgVcVd8 |
MD5: | 2BE638ED54CE1FD7E010B25FFE76F2C8 |
SHA1: | F22F4F7F433E47EB8655736D571C7C7F5D2A804C |
SHA-256: | E36B1AFD90BB77E353AF9F1FB0B533BE428DE583C617138569E37A2601B32C05 |
SHA-512: | 574CB1736CE9CE1AEF4628CA9386493BEF4821FDAC8E47912849B96A90E4290FB1E8A7C6B1020BB467D6E28EB287239C722003CD8316F40E06F481DB0C4323AE |
Malicious: | false |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 129024 |
Entropy (8bit): | 6.511961466655514 |
Encrypted: | false |
SSDEEP: | 3072:ox7pOYzBekBmWDWCMq6As523HeS9FAiZ87vO2rlL3Rnm9:ox7ZNhB/dMq6AO0a7vVlT |
MD5: | ADBAF286228C46522E50371C4BE31A03 |
SHA1: | A29D644C4663B2E2B2BD92046BA0DF629537C297 |
SHA-256: | D3E9A3365F73A34E2DD9022A318ABCC2C55AF98BAFB2DC302CBB55F5398BB9A0 |
SHA-512: | 74A55CC8D8C3AF54E5BA290A34B968918DA994EA2D55B5F0D1F39E83CB9A39D73226227933C760B48F2E0BDB646F8243967517EF8202E02D88411D2D19AE217D |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
File type: | |
Entropy (8bit): | 7.389735637483072 |
TrID: |
|
File name: | file.exe |
File size: | 211968 |
MD5: | fc0582e1cd55c0fcc0628241f7e8ce54 |
SHA1: | 89fc6969c4a12f714ec051f0b69a50385062868d |
SHA256: | 4294a6949aac8f29179fc5cd688c88f52c6b4c5c85fe433ad11fe6e6947737c6 |
SHA512: | 369464a7ad92d41bcb5736deb9a6332533520ebba19bdafa0d93a9a026e6a26e0d46ead8468593564dece9d6a0f1e4cfbb5a97ac07f7c784d43d037d82cbbaef |
SSDEEP: | 6144:9/kH61vyrS1ccAJEsSBrVqbtkdim2qv6Wlz:9/ine9AZSnqbt4imhNlz |
TLSH: | EE24F1223A40E033C40391748538E7B13A7E797759B89843BF551FAD9FB22D2BA27359 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.+...x...x...x.J;x...x.W8x...x.W.x...x...x...x...x5..x.W)x...x.W9x...x.W<x...xRich...x................PE..L...z..a........... |
Icon Hash: | c8d0d8e0f8f0f0e0 |
Entrypoint: | 0x404377 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x61A7897A [Wed Dec 1 14:40:58 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 77b9cbeda5e32323ee560d94649c1c1a |
Instruction |
---|
call 00007F155CB71D92h |
jmp 00007F155CB6C97Dh |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push edi |
push esi |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [ebp+10h] |
mov edi, dword ptr [ebp+08h] |
mov eax, ecx |
mov edx, ecx |
add eax, esi |
cmp edi, esi |
jbe 00007F155CB6CB0Ah |
cmp edi, eax |
jc 00007F155CB6CCAAh |
cmp ecx, 00000100h |
jc 00007F155CB6CB21h |
cmp dword ptr [00AE17BCh], 00000000h |
je 00007F155CB6CB18h |
push edi |
push esi |
and edi, 0Fh |
and esi, 0Fh |
cmp edi, esi |
pop esi |
pop edi |
jne 00007F155CB6CB0Ah |
pop esi |
pop edi |
pop ebp |
jmp 00007F155CB71E54h |
test edi, 00000003h |
jne 00007F155CB6CB17h |
shr ecx, 02h |
and edx, 03h |
cmp ecx, 08h |
jc 00007F155CB6CB2Ch |
rep movsd |
jmp dword ptr [00404504h+edx*4] |
nop |
mov eax, edi |
mov edx, 00000003h |
sub ecx, 04h |
jc 00007F155CB6CB0Eh |
and eax, 03h |
add ecx, eax |
jmp dword ptr [00404418h+eax*4] |
jmp dword ptr [00404514h+ecx*4] |
nop |
jmp dword ptr [00404498h+ecx*4] |
nop |
sub byte ptr [eax+eax*2+00h], al |
push esp |
inc esp |
inc eax |
add byte ptr [eax+44h], bh |
inc eax |
add byte ptr [ebx], ah |
ror dword ptr [edx-75F877FAh], 1 |
inc esi |
add dword ptr [eax+468A0147h], ecx |
add al, cl |
jmp 00007F155EFE5307h |
add esi, 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x107dc | 0x50 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e2000 | 0x33f0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1280 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2810 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x23c | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x104f0 | 0x10600 | False | 0.5108092795801527 | data | 6.104729117132287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x12000 | 0x6cf7c4 | 0x1fe00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6e2000 | 0x33f0 | 0x3400 | False | 0.6715745192307693 | data | 5.8441873543465155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
KADI | 0x6e4d68 | 0x4a3 | ASCII text, with very long lines (1187), with no line terminators | Raeto-Romance | Switzerland |
RT_ICON | 0x6e2250 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Raeto-Romance | Switzerland |
RT_ICON | 0x6e2918 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Raeto-Romance | Switzerland |
RT_ICON | 0x6e2e80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Raeto-Romance | Switzerland |
RT_ICON | 0x6e3f28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Raeto-Romance | Switzerland |
RT_ICON | 0x6e48b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Raeto-Romance | Switzerland |
RT_ACCELERATOR | 0x6e5210 | 0x98 | data | Raeto-Romance | Switzerland |
RT_GROUP_ICON | 0x6e4d18 | 0x4c | data | Raeto-Romance | Switzerland |
RT_VERSION | 0x6e52a8 | 0x148 | x86 executable not stripped |
DLL | Import |
---|---|
KERNEL32.dll | EnumSystemCodePagesA, EnumDateFormatsW, OpenMutexA, GetConsoleAliasExesLengthW, CopyFileExW, ReadConsoleOutputCharacterA, GetEnvironmentStrings, GetCommConfig, QueryDosDeviceA, EnumCalendarInfoExA, SetProcessPriorityBoost, CreateJobSet, AddConsoleAliasW, CreateFileA, GetMailslotInfo, GetWindowsDirectoryA, GetModuleHandleA, GlobalHandle, CreateDirectoryExA, GetLogicalDriveStringsA, ReadConsoleInputA, FindNextVolumeMountPointW, OpenWaitableTimerA, GetVersionExW, SearchPathA, RequestWakeupLatency, CallNamedPipeA, GetCurrentDirectoryW, GetDriveTypeW, CreateMailslotW, BuildCommDCBAndTimeoutsW, GetProcAddress, LoadLibraryA, LocalAlloc, MoveFileWithProgressW, GetBinaryTypeA, TerminateThread, WriteConsoleOutputA, GetCommandLineW, GetVolumeInformationA, VerifyVersionInfoA, DeleteTimerQueue, SearchPathW, CopyFileW, GetHandleInformation, FindResourceA, CreateJobObjectW, FindFirstVolumeW, GlobalFlags, CreateNamedPipeW, WritePrivateProfileStringW, InterlockedDecrement, GetModuleHandleW, GetTickCount, VerSetConditionMask, WriteTapemark, GetTapeParameters, HeapLock, GetConsoleTitleW, InterlockedExchangeAdd, EnumCalendarInfoA, InterlockedExchange, GetNamedPipeHandleStateA, TerminateProcess, MoveFileA, AddAtomW, UnregisterWait, FreeEnvironmentStringsW, SetConsoleTitleA, SetVolumeMountPointW, VirtualProtect, _hread, ClearCommBreak, GlobalFindAtomA, CloseHandle, FindFirstChangeNotificationA, LoadLibraryW, GetLastError, HeapFree, HeapAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, DeleteFileA, GetCommandLineA, GetStartupInfoA, GetCurrentProcess, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, SetHandleCount, GetFileType, FreeEnvironmentStringsA, WideCharToMultiByte, GetEnvironmentStringsW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetFilePointer, GetConsoleCP, GetConsoleMode, MultiByteToWideChar, HeapSize, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, FlushFileBuffers, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, ReadFile |
USER32.dll | GetComboBoxInfo, CharUpperBuffA, GetMenuInfo |
GDI32.dll | GetCharABCWidthsA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Raeto-Romance | Switzerland |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 1 |
Start time: | 19:17:54 |
Start date: | 26/11/2022 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 211968 bytes |
MD5 hash: | FC0582E1CD55C0FCC0628241F7E8CE54 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 3 |
Start time: | 19:17:57 |
Start date: | 26/11/2022 |
Path: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 211968 bytes |
MD5 hash: | FC0582E1CD55C0FCC0628241F7E8CE54 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Target ID: | 7 |
Start time: | 19:18:00 |
Start date: | 26/11/2022 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 8 |
Start time: | 19:18:00 |
Start date: | 26/11/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 11 |
Start time: | 19:18:02 |
Start date: | 26/11/2022 |
Path: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 211968 bytes |
MD5 hash: | FC0582E1CD55C0FCC0628241F7E8CE54 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 12 |
Start time: | 19:18:02 |
Start date: | 26/11/2022 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | high |
Target ID: | 13 |
Start time: | 19:19:01 |
Start date: | 26/11/2022 |
Path: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 211968 bytes |
MD5 hash: | FC0582E1CD55C0FCC0628241F7E8CE54 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 17 |
Start time: | 19:20:00 |
Start date: | 26/11/2022 |
Path: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 211968 bytes |
MD5 hash: | FC0582E1CD55C0FCC0628241F7E8CE54 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 18 |
Start time: | 19:21:01 |
Start date: | 26/11/2022 |
Path: | C:\Users\user\AppData\Local\Temp\3f904562a0\gntuud.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 211968 bytes |
MD5 hash: | FC0582E1CD55C0FCC0628241F7E8CE54 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Execution Graph
Execution Coverage: | 1.4% |
Dynamic/Decrypted Code Coverage: | 6.2% |
Signature Coverage: | 5.5% |
Total number of Nodes: | 307 |
Total number of Limit Nodes: | 7 |
Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0275092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0275003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042356F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1BB Relevance: 3.0, APIs: 2, Instructions: 33COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02750E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E3FF Relevance: 1.6, APIs: 1, Instructions: 54COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416830 Relevance: 1.5, APIs: 1, Instructions: 36networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02750920 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C70 Relevance: 51.7, APIs: 28, Strings: 1, Instructions: 910registrywindowfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F40 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 162injectionthreadmemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027541A7 Relevance: 22.7, APIs: 15, Instructions: 162injectionthreadmemoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404180 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 166networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424BC4 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418887 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420BA6 Relevance: 1.6, APIs: 1, Instructions: 140COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02770E0D Relevance: 1.6, APIs: 1, Instructions: 140COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418BCC Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02768E33 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00432890 Relevance: .4, Instructions: 375COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00429470 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027796D7 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02750D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041DF02 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276E169 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419B27 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02769D8E Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ED7A Relevance: 15.1, APIs: 10, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276EFE1 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027767E9 Relevance: 13.8, APIs: 9, Instructions: 301COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421A27 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02771C8E Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F14C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027543E7 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 166networkfileCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A897 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B943 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02774E2B Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426FA9 Relevance: 7.7, APIs: 5, Instructions: 244COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004258D4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C10E Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276C375 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0275B507 Relevance: 6.4, APIs: 4, Instructions: 351fileCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02776175 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004208E8 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02770B4F Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F7CB Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F834 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276FA32 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276FA9B Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D819 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276DA80 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419EDD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0276A144 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423927 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 1% |
Dynamic/Decrypted Code Coverage: | 16.2% |
Signature Coverage: | 0% |
Total number of Nodes: | 1396 |
Total number of Limit Nodes: | 8 |
Graph
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D1BB Relevance: 3.0, APIs: 2, Instructions: 33COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408770 Relevance: 1.7, APIs: 1, Instructions: 154COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416F50 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417A50 Relevance: 1.6, APIs: 1, Instructions: 124COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041835E Relevance: 1.6, APIs: 1, Instructions: 60COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416830 Relevance: 1.5, APIs: 1, Instructions: 36networkCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041EA8A Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F40 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 162injectionthreadmemoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419B27 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041ED7A Relevance: 15.1, APIs: 10, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404180 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 166networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421A27 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F14C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A897 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041B943 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00424BC4 Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426FA9 Relevance: 7.7, APIs: 5, Instructions: 244COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004258D4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C10E Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004208E8 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F7CB Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F834 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041D819 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00419EDD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423927 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |