Windows
Analysis Report
DHL04AWB01173903102023PDF.scr.exe
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- DHL04AWB01173903102023PDF.scr.exe (PID: 1308 cmdline:
C:\Users\u ser\Deskto p\DHL04AWB 0117390310 2023PDF.sc r.exe MD5: 1BF124CC783FF47A91ADA4E6D4AC9E6B)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00402706 | |
Source: | Code function: | 0_2_0040572C | |
Source: | Code function: | 0_2_004061E0 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_00405290 |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_0040331C |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00404ACD | |
Source: | Code function: | 0_2_004064F2 |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_0040206A |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404587 |
Source: | Static file information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 0_2_10002D7E |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00406207 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | RDTSC instruction interceptor: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Code function: | 0_2_00402706 | |
Source: | Code function: | 0_2_0040572C | |
Source: | Code function: | 0_2_004061E0 |
Source: | API call chain: | graph_0-4737 | ||
Source: | API call chain: | graph_0-4743 |
Source: | Code function: | 0_2_00406207 |
Source: | Code function: | 0_2_00405EBF |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | Path Interception | Path Interception | 11 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Timestomp | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs | |||
13% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
1% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 828071 |
Start date and time: | 2023-03-16 18:03:16 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | DHL04AWB01173903102023PDF.scr.exe |
Detection: | MAL |
Classification: | mal64.rans.troj.evad.winEXE@1/11@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes where analyzed, report is missing behavior information
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsoF960.tmp\System.dll | Get hash | malicious | AgentTesla, GuLoader | Browse | ||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | NanoCore, GuLoader | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | AgentTesla, GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | FormBook, GuLoader | Browse | |||
Get hash | malicious | GuLoader | Browse | |||
Get hash | malicious | Unknown | Browse |
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1831716 |
Entropy (8bit): | 7.308492575684153 |
Encrypted: | false |
SSDEEP: | 49152:lf4WAQduqXBweZG32poHRS2tQuWikK9jM3:lJAQlnANE2tQTaM3 |
MD5: | 9B4D8ABA094C64270F7878FAE618AC65 |
SHA1: | FA3D773625A7FE13C127925856A2B015C986E598 |
SHA-256: | CB136F81690F426D253696166DE342FF05A1C1F3C0C780BBE800A06396424751 |
SHA-512: | 87EBE9A0C8BD59D98236943710F7A739AEE413FD8B198F1F92479434819423857252B6D160AB42A0EE8B976AAE3972185E2CC467FB9842AFEB9BF3C3D7577B73 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.774411073650885 |
Encrypted: | false |
SSDEEP: | 192:eB2HS+ihg200uWz947Wzvxu6v0MI7JOde+Ij5Z77dslFsE+:3S62Gw947ExuGDI7J8EF7KIE |
MD5: | BE2621A78A13A56CF09E00DD98488360 |
SHA1: | 75F0539DC6AF200A07CDB056CDDDDEC595C6CFD2 |
SHA-256: | 852047023BA0CAE91C7A43365878613CFB4E64E36FF98C460E113D5088D68EF5 |
SHA-512: | B80CF1F678E6885276B9A1BFD9227374B2EB9E38BB20446D52EBE2C3DBA89764AA50CB4D49DF51A974478F3364B5DBCBC5B4A16DC8F1123B40C89C01725BE3D1 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 202342 |
Entropy (8bit): | 7.5372236610693095 |
Encrypted: | false |
SSDEEP: | 3072:YTz6SobCaMo6ljmx23UrLpvJvOc9CuKjrDee/jKOVox2EcIHuysfzFC64:w6SPaMo6l4XvOZ5rDtKOVoQrF0 |
MD5: | E2901A2B3EFA6BB00F2AD1D4AD963F52 |
SHA1: | 1F2C771CEAE379DF9FA7FA1FA5E4ABC36638A42E |
SHA-256: | FEFA0B1539475BF0ED224A8D9934FD4558DD0B1297FB661DAB776ABC96C333FF |
SHA-512: | DA39BCB8E8C2BD79160B33A7767C58CC7CE204B56005B16AF6825DD6E25612D4C08E2C69A2DF288EC6635A24E740C23C5842E5DA3C08BDCCE9FC677D456C9B5E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Nonhieratical\Clavichordist\benenders\Actionfilm\Sortsrenheden\TableTextServiceYi.txt
Download File
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45170 |
Entropy (8bit): | 3.7626877360483184 |
Encrypted: | false |
SSDEEP: | 384:wBMdoEQYh/Iq7rwSM+jNyql218nyeEJFFCEeFe73c3+AC+mviFuqOtSS0uK3l/:wadoAr7s1+jNyqr6FFweIT0h0/ |
MD5: | AC05652AF93A583226FD118E23D3652F |
SHA1: | DA5BB4AE245369888D1AF981AF6785FAE21C7BC9 |
SHA-256: | 54E26FC4F586B39C4CCB6655735E8AA03AD31498EFD0119AB8406258D5561627 |
SHA-512: | 2C24F1CBD45D5B06DF0A187793E02DA4F085E6E03CF1A697416F3F0B34FE4E96ECFCFD4E25DA3288383B98E1BC112A2418EFF5EA8E69BFBF153F28A20A687BF2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Nonhieratical\Clavichordist\benenders\Actionfilm\Sortsrenheden\Z_Custom2.ini
Download File
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6221 |
Entropy (8bit): | 4.623864089058378 |
Encrypted: | false |
SSDEEP: | 96:KGz5QTZR5ATsj5sjc9sjnljnDQcaufEjnOAvtDAvVY:BzmTZbAojyjnjljspu8jXvtMvVY |
MD5: | CA003CF1D99CDF717768E88DD64BB84C |
SHA1: | A0326E46EA68C4649DD6645368B43922B6126FF6 |
SHA-256: | 44100D5F41FE4CDDD1D77EF7124FEC4F8071E5A1678339ACE0DA3DD7E826EF2F |
SHA-512: | 94D1EB659C22A3614F250C79D1C957876A617158BE538E35E906F12E68C6E12CCBE9C364D1F1C18D280F72FD7958D753348C056CAF320B6843EC3873B59C9926 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\Nonhieratical\Clavichordist\benenders\Actionfilm\Sortsrenheden\msado25.tlb
Download File
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 69632 |
Entropy (8bit): | 4.63717105728589 |
Encrypted: | false |
SSDEEP: | 768:5U0SzA63tPY1AcbERQzuahkbzM7hX2O4HvypROPzMiibjUsqK0M49uo:5OU63tPY114RX3M7MvPy/OPz/CF09F |
MD5: | 299DBB927B6390C6B925757DD5B2B7FF |
SHA1: | FFCE563E42AF7B1086CB5AE92014801B2C66DC0C |
SHA-256: | D9D2BD64DE6176B31A4E704D7E5D08FA9BB75A6A8AC007A61C4DF38F6FA82262 |
SHA-512: | E88F9DA34960BC13C27F2B236A28410AC8B71619D8175103D0BD5E7F03F395F773BCDF399E805D2150BECF2EE107147287D6FE0C00BD41AC591F868E62296347 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7968 |
Entropy (8bit): | 7.906040167483731 |
Encrypted: | false |
SSDEEP: | 192:oXRXorJ1fquj4/Ms9hHCQyTscIhlMN58ZB5oEx5/U8qn8kyx:KRoqu0ksEIhCOjZU8M8kM |
MD5: | 162F6BB32D6D5AC380A80DA07C13E213 |
SHA1: | 7985EAC367E0B19CC0E30B24399A37663E8436F6 |
SHA-256: | 686310A1A5B8BB4D4EAA316FC0A3970EE878CC39F75E8C68F49ED51A5AD562DF |
SHA-512: | F4DC70FB483303906CA8C4D5AE404653C7B761BEB38B3DC88ABDEBED4B28A85F3A02F6E2E1E5D28A1625F09A8EEA7A66F12959AA12E98733023CE5908B9FF199 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57606 |
Entropy (8bit): | 2.670628012232385 |
Encrypted: | false |
SSDEEP: | 768:Ip+EachJRWeyBP/QmazA5Bnh+QuGkvrOYKT2Rrt6UptqyBcerao1CEzSkNu8R2QP:uquzgxiGXNyHlqgdeo1CtNQP |
MD5: | 1EE3EA9EB5F7142B93FE99689B2038A6 |
SHA1: | AB0D94BDBDC97EEA61B226010584C12D9AED43EA |
SHA-256: | 67D1985FCBEB4E6FB84785F6304B3CB63A9326B328921E04CCFD50539825FDB7 |
SHA-512: | BBC7EAEA47011BB96FD26ADB3B71F981AE20FDACCF1A72BAFE96EC8E3071AD29AE052B279465FA700B3AD327DC2EA97408B52FD5A0D73B716F21FCD500D30B67 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 251376 |
Entropy (8bit): | 5.684541726348285 |
Encrypted: | false |
SSDEEP: | 3072:njOJemjvYiYtrWTovAYYYlDvNYXzMgv9/PuMKISOe1sWQuCyY+2JHfYavRkRYI1N:n+6v671nuMKRv1sHyaJ/YavRkRYIBYA1 |
MD5: | B44ED270A186763E1DA753AA39553B68 |
SHA1: | 10390F85EA5DB841A8BC70E8ED931A5D34026BE8 |
SHA-256: | E24E9B9C79199B66B9F847F1E07A2769B82CB7FCCA98E5B53F28B481EEBCABD8 |
SHA-512: | 0BF049851CBD5D29221E7C721F15E58286C030023A9BF66E88A5EE6D4D940F89CBBFB8A4E0376382472940450D631E7E3D0162C871443CA12169DFED4E7C91B5 |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\Nonhieratical\Thonny\Yderligheders\Samtalernes\Sikkerhedsventilen\ContactsApi.dll
Download File
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 384128 |
Entropy (8bit): | 5.921054568677329 |
Encrypted: | false |
SSDEEP: | 6144:zJteC/kw/VKk3g6ZK5RoyPAzv2B9NAlYRuKJOllo:zreCsO3g6QRoyPAw6eRh |
MD5: | 7E49C04017D860D5EE299FFB104203DF |
SHA1: | DDF55616BDABC91EB801CE14A45ACDAD2142B78F |
SHA-256: | 1AC6E64459440B6EFB03FC256E24BCCBBC512CF6E7DCD85DD3C45E1CA7584176 |
SHA-512: | EC125C3CD1EDE0F4C24915BC39EA641F58F1D78048E0CCB631F249839440218B02706CC8ACA785DA2B3993EDBABEFB433BF19BA29A9F1EDFB6ACACBDDC0A4F50 |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\Nonhieratical\Thonny\Yderligheders\Samtalernes\Sikkerhedsventilen\Sports-Wallpapers-1.jpg
Download File
Process: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 782753 |
Entropy (8bit): | 7.972739118836816 |
Encrypted: | false |
SSDEEP: | 12288:1xE6g9kiViGNq+W6nQNIDO0tVGb34eaR6fUnMlkTFztQywzV0jyB4Dl9l+qfkwPN:7E6G3VibpHIdebodR6jlKFtQVUv+iP8S |
MD5: | E269DECCAC13CF01A0377872E79BC676 |
SHA1: | 54D196FDE9529310F9E5A3EBA6548DAB4F179542 |
SHA-256: | 255874E0A6A5CA862CBAE5C783D582729B343C70C5697062D7F1E587F15F25EC |
SHA-512: | 08ADAD38BE3472CF8814C40F99D6DCFDA313C2FED765B872AA30C0995B027F2BEDABF75DB625F3C40F003A8EFC3F41169CBA4AF706EC637018DEEF02EC92F6CC |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9924781293877105 |
TrID: |
|
File name: | DHL04AWB01173903102023PDF.scr.exe |
File size: | 1211760 |
MD5: | 1bf124cc783ff47a91ada4e6d4ac9e6b |
SHA1: | b78f2ffb785071ab785830cdd4cbc5f010b7480b |
SHA256: | 494d5735144af171cc15708b37b491b74be1522494958e605ac348dd4897dcf9 |
SHA512: | b5e35fda41aedb7c40961098745153efa13470d065ac2cfb343c542011ed58869494770615db8a7e4b64b77ac6dd2de4f1cfd1403efeceee8425993bdf66670b |
SSDEEP: | 24576:7RNsMRW/uL9M7e36FgHRcMSbA22c91uwozF2KDQcvhNfSf7a09Xe+bUe:c4suGm6SxcD2SczF2aQcffSDb99 |
TLSH: | 214533D212E2B0B3D690D93B5D5D6E7EE173D60014B2274B7340A8AE6F38165AB1F374 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1.D9u.*ju.*ju.*j..ujw.*ju.+j..*j..wjd.*j!..j..*j..,jt.*jRichu.*j........PE..L....e.Q.................`...*.......3.......p....@ |
Icon Hash: | 74f0d0c0ccd4f0c4 |
Entrypoint: | 0x40331c |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x519965DC [Sun May 19 23:53:00 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 17b7d61bda0f7478e36d9ce3d4170680 |
Signature Valid: | false |
Signature Issuer: | E=inertnesses@Forbetoning20.En, OU="Falskspillere Unrelinquishable ", O=Inalterableness, L=Montague, S=Texas, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | B6296BD55FD696653A6ECFD645239E12 |
Thumbprint SHA-1: | 7B9D3A3205DB42A6F338C423028B131EDDD4F064 |
Thumbprint SHA-256: | F7E0D7AFE23FD9E15D7B7C6CB47B4662581AE209B91E9046AE6A7AAFDC37720B |
Serial: | 04D25D90CEF83AEC304DC1F83B1B5CCF54893695 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push ebp |
push esi |
push edi |
push 00000020h |
xor ebp, ebp |
pop esi |
mov dword ptr [esp+18h], ebp |
mov dword ptr [esp+10h], 00409230h |
mov dword ptr [esp+14h], ebp |
call dword ptr [00407034h] |
push 00008001h |
call dword ptr [004070BCh] |
push ebp |
call dword ptr [004072ACh] |
push 00000008h |
mov dword ptr [00429298h], eax |
call 00007F18C9476A2Dh |
mov dword ptr [004291E4h], eax |
push ebp |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebp |
push 00420690h |
call dword ptr [0040717Ch] |
push 0040937Ch |
push 004281E0h |
call 00007F18C9476698h |
call dword ptr [00407134h] |
mov ebx, 00434000h |
push eax |
push ebx |
call 00007F18C9476686h |
push ebp |
call dword ptr [0040710Ch] |
cmp word ptr [00434000h], 0022h |
mov dword ptr [004291E0h], eax |
mov eax, ebx |
jne 00007F18C9473B8Ah |
push 00000022h |
mov eax, 00434002h |
pop esi |
push esi |
push eax |
call 00007F18C94760F4h |
push eax |
call dword ptr [00407240h] |
mov dword ptr [esp+1Ch], eax |
jmp 00007F18C9473C49h |
push 00000020h |
pop edx |
cmp cx, dx |
jne 00007F18C9473B89h |
inc eax |
inc eax |
cmp word ptr [eax], dx |
je 00007F18C9473B7Bh |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7494 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4e000 | 0x7fc0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x127368 | 0xa08 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5e1c | 0x6000 | False | 0.6542561848958334 | data | 6.407290112650426 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1354 | 0x1400 | False | 0.43046875 | data | 5.037834422880877 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x202d8 | 0x600 | False | 0.47265625 | data | 3.7587363087821926 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x24000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x4e000 | 0x7fc0 | 0x8000 | False | 0.949371337890625 | data | 7.7369782578420665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4e1d8 | 0x7562 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_DIALOG | 0x55740 | 0x100 | data | English | United States |
RT_DIALOG | 0x55840 | 0xf8 | data | English | United States |
RT_DIALOG | 0x55938 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x55998 | 0x14 | data | English | United States |
RT_VERSION | 0x559b0 | 0x25c | data | English | United States |
RT_MANIFEST | 0x55c10 | 0x3b0 | XML 1.0 document, ASCII text, with very long lines (944), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathW, SetFileTime, CloseHandle, GetShortPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, GetFullPathNameW, CreateDirectoryW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, SetFileAttributesW, ExpandEnvironmentStringsW, SetErrorMode, LoadLibraryW, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, lstrcpyA, lstrcpyW, lstrcatW, GetSystemDirectoryW, GetVersion, GetProcAddress, LoadLibraryA, GetModuleHandleA, GetModuleHandleW, lstrcmpiW, lstrcmpW, WaitForSingleObject, GlobalFree, GlobalAlloc, LoadLibraryExW, GetExitCodeProcess, FreeLibrary, WritePrivateProfileStringW, GetCommandLineW, GetTempPathW, GetPrivateProfileStringW, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, MultiByteToWideChar, FindClose, MulDiv, ReadFile, WriteFile, lstrlenA, WideCharToMultiByte |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, RegisterClassW, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, wsprintfW, CreateWindowExW, SystemParametersInfoW, AppendMenuW, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, GetDC, SetWindowLongW, LoadImageW, SendMessageTimeoutW, FindWindowExW, EmptyClipboard, OpenClipboard, TrackPopupMenu, EndPaint, ShowWindow, GetDlgItem, IsWindow, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegEnumValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | CoCreateInstance, CoTaskMemFree, OleInitialize, OleUninitialize |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 18:04:13 |
Start date: | 16/03/2023 |
Path: | C:\Users\user\Desktop\DHL04AWB01173903102023PDF.scr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1211760 bytes |
MD5 hash: | 1BF124CC783FF47A91ADA4E6D4AC9E6B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Execution Graph
Execution Coverage: | 19.4% |
Dynamic/Decrypted Code Coverage: | 14.5% |
Signature Coverage: | 18.4% |
Total number of Nodes: | 1535 |
Total number of Limit Nodes: | 41 |
Graph
Function 0040331C Relevance: 75.6, APIs: 27, Strings: 16, Instructions: 335stringfilecomCOMMON
Control-flow Graph
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405290 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405EBF Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 207stringCOMMON
Control-flow Graph
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040572C Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
Control-flow Graph
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004064F2 Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402706 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
C-Code - Quality: 41% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403871 Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402D52 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
Control-flow Graph
C-Code - Quality: 99% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401752 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145stringtimeCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402FF8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403123 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108fileCOMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402571 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 105fileCOMMON
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040232F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
Control-flow Graph
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D6A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002814 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 156fileCOMMON
C-Code - Quality: 16% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406927 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
C-Code - Quality: 99% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406B28 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040683E Relevance: 5.2, APIs: 4, Instructions: 205COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406343 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406791 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004068AF Relevance: 5.2, APIs: 4, Instructions: 170COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004067FB Relevance: 5.2, APIs: 4, Instructions: 168COMMON
C-Code - Quality: 98% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F98 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
C-Code - Quality: 60% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002739 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 21memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040156B Relevance: 3.0, APIs: 2, Instructions: 23COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401DC7 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405B26 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405B01 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040268F Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 38% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402251 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040329F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040159B Relevance: 1.5, APIs: 1, Instructions: 18COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004040EC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404138 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404121 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004032D1 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040410E Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404ACD Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMONCrypto
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404587 Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 269stringCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404289 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405BA9 Relevance: 31.6, APIs: 13, Strings: 5, Instructions: 141filestringmemoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405151 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000228E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 134memorystringCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004024EC Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 54filestringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404153 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002430 Relevance: 10.6, APIs: 7, Instructions: 110COMMON
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404A1B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001620 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 41memorylibraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402C15 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100018CA Relevance: 7.7, APIs: 5, Instructions: 190COMMON
C-Code - Quality: 97% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CE5 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D41 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
C-Code - Quality: 71% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404935 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405905 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F08 Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004050C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040561F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405951 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100010E1 Relevance: 5.1, APIs: 4, Instructions: 104memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A8B Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |