Windows
Analysis Report
invoice.exe
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- invoice.exe (PID: 2144 cmdline: C:\Users\user\Desktop\invoice.exe MD5: F111934675C34CCA18D9D76FC34A2E40)
- cleanup
AV Detection
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 0_2_00406268 | |
Source: | Code function: | 0_2_0040572D | |
Source: | Code function: | 0_2_004026F8 |
Source: | File opened: | Jump to behavior | ||
Source: | String found in binary or memory: | ||
Source: | Code function: | 0_2_004051CA |
Source: | File created: | Jump to dropped file |
Spam, unwanted Advertisements and Ransom Demands
Source: | String found in binary or memory: | ||
System Summary
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Code function: | 0_2_004031F1 |
Source: | Code function: | 0_2_00406742 | |
Source: | Code function: | 0_2_00404A09 | |
Source: | Code function: | 0_2_00406F19 |
Source: | Static PE information: |
Source: | Process Stats: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_004031F1 |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_004020CB |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_00404496 |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 0_2_10002D4E |
Source: | Static PE information: | ||
Source: | Code function: | 0_2_10001A5D |
Source: | File created: | Jump to dropped file | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Code function: | 0_2_00406268 | |
Source: | Code function: | 0_2_0040572D | |
Source: | Code function: | 0_2_004026F8 |
Source: | API call chain: | graph_0-4240 | ||
Source: | API call chain: | graph_0-4063 |
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_10001A5D |
Source: | Code function: | 0_2_004031F1 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | Path Interception | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
36% | ReversingLabs | Win32.Trojan.Tnega |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
2% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1223491 | Download File | ||
100% | Avira | HEUR/AGEN.1223491 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 828743 |
Start date and time: | 2023-03-17 14:20:40 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | invoice.exe |
Detection: | MAL |
Classification: | mal56.rans.winEXE@1/12@0/0 |
EGA Information: |
HDC Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: invoice.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll | | | malicious | GuLoader | | |
| | | malicious | GuLoader | | |
| | | malicious | AgentTesla, GuLoader | | |
| | | malicious | GuLoader | | |
| | | malicious | GuLoader | | |
| | | malicious | AgentTesla, GuLoader | | |
| | | malicious | AgentTesla, GuLoader | | |
| | | malicious | GuLoader | | |
| | | malicious | GuLoader | | |
| | | malicious | Unknown | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\icon-ui.icns
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 1245 |
Entropy (8bit): | 5.462849750105637 |
Encrypted: | false |
SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 160264 |
Entropy (8bit): | 4.358279117234243 |
Encrypted: | false |
SSDEEP: | 768:EVS3TP/nITMkSXnOLeecEKVdPGeGlo1ciX9NtfoxOpGHXGHmeVDj3bRQ9pY/ycVa:EVsPQBRodPDW4zMctML/ |
MD5: | B47C741673A92A16B48140FCBDA04030 |
SHA1: | AA7A003DA656320A274F276EE4BF8C27203D1B4C |
SHA-256: | E6E775E7A5AC1BFA01B5A5CB9A7532171817408E67E346E33CA3CB091BDEA478 |
SHA-512: | 464BFC63FD715E07C02ED78F9603A1C890F3848C0D46BB7B58D352B3FF1E76612E8D772903C9954159586735567DD493A023BCFADA5E15407725F7267567DC60 |
Malicious: | false |
Antivirus: |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Ath_CoexAgent.exe
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 323584 |
Entropy (8bit): | 6.212800759462987 |
Encrypted: | false |
SSDEEP: | 3072:KW+Rs18sEZQEwgD+odVKFKLuFv1kJV0YVJL/vFU/lmJ03Hk7OJ3/b7FG66sN4IqF:j7SdPKZ1kJLLH+lmJgHeOVb7o663L |
MD5: | 86B8B1F5C1189D68B07666784BE882FE |
SHA1: | B023E9442CFC9C9652E1C8990F06DEF08BDC5B01 |
SHA-256: | 0DD8C627F3DDBDB61B1910540C465C0D62C9F8D84C7CBB6C80782DB02D535AF0 |
SHA-512: | E471BEBDD441756CD840420C862CD84EF18A03144DDCAA20D783399D0736BD012D3984E38BDDB9DF16837B205D0A6ECA4C6FEE1D41553B5002A4B1E1B753E139 |
Malicious: | false |
Antivirus: |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Diskofils\Justiciaryship\vmusbmouse.cat
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 10376 |
Entropy (8bit): | 7.080841609849737 |
Encrypted: | false |
SSDEEP: | 192:pL/2EJC+EhGRmwBYyKaWFWQFV5NB0884LfqnajnWc:11PCFRVJlLWc |
MD5: | DBE99D951395F37E5C3F4164D8A22245 |
SHA1: | 238EF179549F6AEB2E3C6F4188365814A965312B |
SHA-256: | 671CB26C75AC0256B07835AE00E7018AF6126FAE7400BF21E57707E0CC9164B5 |
SHA-512: | 3A931015C1038965028AD70E439F75BA210B1113BBCD8A7C5063DA376DBB577F250BE6141B93F1CB100084A930DAD4B2205864F19F3A5E3911CD6CC0B6D0D0D8 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\Mss32.dll
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 353768 |
Entropy (8bit): | 6.836018886719178 |
Encrypted: | false |
SSDEEP: | 6144:EpcTapyHuUcl0PUpFawtMR6gP4aHrmtcWR3uA9:MIaQ+l0PoRtW6aHrmtcWRt9 |
MD5: | B75A8E0DDEEB4330C1DBA37105244B0F |
SHA1: | E5302CA8517AC2826B5D56E3395D41C34B5B3DF7 |
SHA-256: | CC142B9D8B5223E2720C6440CB7A124C0A80D2FB04ECF59AD7331DFD6E3CB51F |
SHA-512: | 120F91A144B5B6CC9E33B232AE4466AF2E6C5F702F4C04E9A03DD4F239DE752770E4DE2C6BE2CAF3BEE9775C8887EAB9E08A896D7F2EBA1AD8CF928555CC99A3 |
Malicious: | false |
Antivirus: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\NMDllHost.exe
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 116720 |
Entropy (8bit): | 5.889271571414613 |
Encrypted: | false |
SSDEEP: | 3072:g3nqpX2I6OhctR+lCTD01Lcy4J93TnCx86:L2W1oy4J93TCT |
MD5: | DBF787BD6E5CE77FB34FF281A144EB96 |
SHA1: | 50B7799ECCA566BE35429828245D44CB04AD8885 |
SHA-256: | CCBACEEA04837229C95C08274C747ABE069279AFB990DDD89EC743C42ADC0AD9 |
SHA-512: | 07949EC3882D9CB6E2341CE60C6E911F24463B01F484C037E65A2A8F3495543A096B632E01F8480D03FF388D1E811ECF760155F97F1D5329785C506603BB18A7 |
Malicious: | false |
Antivirus: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Stemningssvingning\Urgently.Suk
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 52812 |
Entropy (8bit): | 2.691443133069214 |
Encrypted: | false |
SSDEEP: | 768:w3MHvSSEEEE422O9Py2Ve76uBu+O3+xpnY/A8o9kxErpEEEbYRx+KmGSBAM07byk:bvS53XH/Y/A8opMr07bnr |
MD5: | 4C6FAD70762561B0D38AA152C52796A8 |
SHA1: | 9FAFD1E9CF41E5482AC7960F7F0C20AB5B703D30 |
SHA-256: | C7CC1E08C3B0850EF02E7F4371D71918B55686581FDE5D124149884EE56C8F4F |
SHA-512: | 721DC72FF2153615343BCEC4B408337E8BD5012C234237F2005C43C48D1179DEDC1606014DE6659F5A22BC9116C2348C1AD5B05BF128D60572EEAE9346E06EE0 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\SourceCodePro-ExtraLight.otf
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 127080 |
Entropy (8bit): | 7.036042013030407 |
Encrypted: | false |
SSDEEP: | 3072:Tz0LOC7z/0cS/Uz0+Gp+dtsVaHGg0IADoQg4RAxL2+p:s7z/0jUz0+GsdBHGg9cg4mvp |
MD5: | 9ECC8DF598E9EDDE1072942D344CC0CF |
SHA1: | 9FF240AB48EB7E97237E25D8C6F8CD738BA97CAA |
SHA-256: | D945E1C81A59A434E36EEDEF21E64B61CC6901A9E43936AF79C20BDBF57592B1 |
SHA-512: | 09978B7AF39B541C13F5E628BAF789E9FD1635258C74379351612451022D53B38B9F78DA7A74C19BA0FFB7B0C93B63C69EFCFC36285EFBCAF3678ADE7D423AD0 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\cs.txt
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 9204 |
Entropy (8bit): | 5.371514089173945 |
Encrypted: | false |
SSDEEP: | 192:iRJ98lWxEb5BvGIrd+mc1OTno+SXhbSIm1JjSvcQpK/w:ijK0GeIrQmEOTno+SXox1JjmpKo |
MD5: | 641B90F9AEDFC68486D0D20B40F7ECA6 |
SHA1: | 0A683DD844534905336784FADD80498AFE26F6FA |
SHA-256: | 87A4B9369FD51D76C9032C0E65C3C6221659E086798829072785BE589E55B839 |
SHA-512: | 567CB9F6C31D196A171E5A9C2726A39A9B3D351AC92D4ACF8624213A68C9033ACC31AFAAAD82AA9F5359F32D3A0CA40522E151B8370D553A41ABEB6A6E097078 |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\figuranternes.Han
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 218305 |
Entropy (8bit): | 7.337101777894853 |
Encrypted: | false |
SSDEEP: | 3072:PdqWTzg/gzZ9xRpRmib28JUBTE+vAsGolsJAsJ7Z/aKespGgyfZrl:HOaZ1nv9J2I+veZiKe2i |
MD5: | DF0C864AD6FE636F3AD391B04A408AC7 |
SHA1: | B0072D5406BA66EDD9F6A1A443D56378BDA688C5 |
SHA-256: | A802EB02B9345615A947C6B8B57441D7DEBD4300FFEAFC16623CE18F68CABBF2 |
SHA-512: | 2AA97CC2724CA1309B3594F552BAF227CCB7B6F73B29E612A9779D987E9FBE0E41F7CE765083AE16CD3CEC84B826A401279D69200D1AE3A0722B4E3CC731079C |
Malicious: | false |
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 4.76010720109437 |
Encrypted: | false |
SSDEEP: | 96:HqNXqwK188CgAtXvZBkjDf0yf9ysrtWp2wol:HAqrg1XvZB6kYtWp2 |
MD5: | 88C3BA1802AEF228541820767453E058 |
SHA1: | 4F3AEFB9E4EC27CB49973CB19BD968E54A2BA676 |
SHA-256: | 2722555EC1F72523774B64D25FD4C2B460000BFE82140876D6100DC4FB1F62B1 |
SHA-512: | 718790339E13B53553AFDE6968AE10CDA7B47CBDBFC82599116C8B5B1E8FBBA259F0CE6781908BE027360132A0ABE057DF2FFA7072212ACDA96BFF535E241582 |
Malicious: | false |
Antivirus: |
Process: | C:\Users\user\Desktop\invoice.exe |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.767999234165119 |
Encrypted: | false |
SSDEEP: | 192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa |
MD5: | C9473CB90D79A374B2BA6040CA16E45C |
SHA1: | AB95B54F12796DCE57210D65F05124A6ED81234A |
SHA-256: | B80A5CBA69D1853ED5979B0CA0352437BF368A5CFB86CB4528EDADD410E11352 |
SHA-512: | EAFE7D5894622BC21F663BCA4DD594392EE0F5B29270B6B56B0187093D6A3A103545464FF6398AD32D2CF15DAB79B1F133218BA9BA337DDC01330B5ADA804D7B |
Malicious: | false |
Antivirus: |
Entropy (8bit): | 7.953363965326294 |
TrID: |
File name: | invoice.exe |
File size: | 861416 |
MD5: | f111934675c34cca18d9d76fc34a2e40 |
SHA1: | 6c54e0fbae03df56fee84195f3deb4d2ebd8d8c1 |
SHA256: | c627b8bb6c4ea0cf03aa2d209d0ecc53ff9784283328dabd44c1675aef0939c2 |
SHA512: | 48b825550b320ebfcccc4260e359ffedad7675913ee7e7a62bd62a3839fd20c8f7cafb9a6e6bb8d7d8a2164674019b696c8851362c0a6b69f4dde8b1da3dc84c |
SSDEEP: | 12288:cJAEzBf4FZZmubGJ6vVZgj9Zp4RVkdXALai8ZpP7MxhGmeLJfRriFm4gCb5vr:cJBf4guba6voj9mOdXALN8bP7MxhVP5 |
TLSH: | 090523919D24D01ACFCB1A32C6E0AAF51FA93D1DF546350FAB103DDE7AB3016992E1D8 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...2.uY.................d...|..... |
Icon Hash: | 185d7c3f1d094720 |
Entrypoint: | 0x4031f1 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x59759532 [Mon Jul 24 06:35:30 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3abe302b6d9a1256e6a915429af4ffd2 |
Signature Valid: | false |
Signature Issuer: | E=Levnendes@Printstnings.Gum, OU="Berlinsk Absorptively Uncatholicise ", O=Toffy, L=Parbrook, S=England, C=GB |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 56C9BA7DFEC92471D18B65DEBADFD264 |
Thumbprint SHA-1: | 791103B8F445F30749CC09454489D8932043151F |
Thumbprint SHA-256: | 12660D9C667AA56EF5F4D3C7A46C00BBF32786E1EDB7C6D1BB2EFDC10DDE5337 |
Serial: | 292387F23D7D31A4C4A61C828EB508755809B6A4 |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080A0h] |
call dword ptr [0040809Ch] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042F40Ch], eax |
je 00007F8F7CA0DE63h |
push ebx |
call 00007F8F7CA10F1Ah |
cmp eax, ebx |
je 00007F8F7CA0DE59h |
push 00000C00h |
call eax |
mov esi, 00408298h |
push esi |
call 00007F8F7CA10E96h |
push esi |
call dword ptr [00408098h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F8F7CA0DE3Dh |
push 0000000Ah |
call 00007F8F7CA10EEEh |
push 00000008h |
call 00007F8F7CA10EE7h |
push 00000006h |
mov dword ptr [0042F404h], eax |
call 00007F8F7CA10EDBh |
cmp eax, ebx |
je 00007F8F7CA0DE61h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F8F7CA0DE59h |
or byte ptr [0042F40Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [0042F4D8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429830h |
call dword ptr [00408178h] |
push 0040A188h |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8534 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x219c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd02c0 | 0x2228 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6254 | 0x6400 | False | 0.6676171875 | data | 6.4338643172916266 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1354 | 0x1400 | False | 0.4599609375 | data | 5.236269898436511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.044625496015545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x30000 | 0x11000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x41000 | 0x219c8 | 0x21a00 | False | 0.8901312732342007 | data | 7.609648735329348 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x41418 | 0x1224f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x53668 | 0x6259 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States |
RT_ICON | 0x598c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x5be70 | 0x2466 | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States |
RT_ICON | 0x5e2d8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x5f380 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States |
RT_ICON | 0x60228 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States |
RT_ICON | 0x60ad0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
RT_ICON | 0x61138 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States |
RT_ICON | 0x616a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x61b08 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
RT_ICON | 0x61df0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
RT_DIALOG | 0x61f18 | 0x120 | data | English | United States |
RT_DIALOG | 0x62038 | 0x11c | data | English | United States |
RT_DIALOG | 0x62158 | 0xc4 | data | English | United States |
RT_DIALOG | 0x62220 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x62280 | 0xae | data | English | United States |
RT_VERSION | 0x62330 | 0x354 | data | English | United States |
RT_MANIFEST | 0x62688 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 14:21:38 |
Start date: | 17/03/2023 |
Path: | C:\Users\user\Desktop\invoice.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 861416 bytes |
MD5 hash: | F111934675C34CCA18D9D76FC34A2E40 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Execution Graph
Execution Coverage: | 23.2% |
Dynamic/Decrypted Code Coverage: | 13.6% |
Signature Coverage: | 19.9% |
Total number of Nodes: | 1470 |
Total number of Limit Nodes: | 45 |
Graph
Function 004031F1 Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 368stringcomfileCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004051CA Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10001A5D Relevance: 25.0, APIs: 13, Strings: 1, Instructions: 540stringmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040572D Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
Control-flow Graph
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406268 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403B52 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004037B5 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function (address missing from extraction): C-Code quality 80%; Uniqueness score -1.00%
Function 00405F87: Relevance 19.4, APIs 7, Strings 4, Instructions 199; tags: string, COMMON; C-Code quality 72%; Uniqueness score -1.00%
Function 00401759: Relevance 15.9, APIs 5, Strings 4, Instructions 147; tags: string, time, COMMON; C-Code quality 60%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 95%; Uniqueness score -1.00%
Function 0040508C: Relevance 14.1, APIs 7, Strings 1, Instructions 73; tags: string, window, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function 0040628F: Relevance 10.5, APIs 3, Strings 3, Instructions 36; tags: library, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00401FFD: Relevance 8.8, APIs 4, Strings 1, Instructions 73; tags: library, loader, COMMON; C-Code quality 60%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 94%; Uniqueness score -1.00%
Function 004023D0: Relevance 7.1, APIs 3, Strings 1, Instructions 64; tags: registry, string, COMMON; C-Code quality 83%; Uniqueness score -1.00%
Function 100027E4: Relevance 5.4, APIs 2, Strings 1, Instructions 156; tags: file, COMMON; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 87%; Uniqueness score -1.00%
Function 00405E4C: Relevance 5.3, APIs 2, Strings 1, Instructions 44; tags: registry, COMMON; C-Code quality 90%; Uniqueness score -1.00%
Function 10002709: Relevance 3.5, APIs 1, Strings 1, Instructions 21; tags: memory, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 84%; Uniqueness score -1.00%
Function 00401389: Relevance 3.0, APIs 2, Instructions 43; tags: window, COMMON; C-Code quality 59%; Uniqueness score -1.00%
Function 00401E25: Relevance 3.0, APIs 2, Instructions 25; tags: COMMON; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function 00405AFE: Relevance 3.0, APIs 2, Instructions 16; tags: file, COMMON; C-Code quality 68%; Uniqueness score -1.00%
Function 00405AD9: Relevance 3.0, APIs 2, Instructions 13; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 004055CF: Relevance 3.0, APIs 2, Instructions 9; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 004025C4: Relevance 1.6, APIs 1, Instructions 76; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00402682: Relevance 1.5, APIs 1, Instructions 28; tags: COMMON; C-Code quality 40%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function 00405B76: Relevance 1.5, APIs 1, Instructions 22; tags: file, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00405BA5: Relevance 1.5, APIs 1, Instructions 22; tags: file, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function 0040159D: Relevance 1.5, APIs 1, Instructions 18; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00404072: Relevance 1.5, APIs 1, Instructions 9; tags: window, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00405647: Relevance 1.5, APIs 1, Instructions 6; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 0040405B: Relevance 1.5, APIs 1, Instructions 6; tags: window, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 004031A9: Relevance 1.5, APIs 1, Instructions 6; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00404048: Relevance 1.5, APIs 1, Instructions 4; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00405928: Relevance 1.3, APIs 1, Instructions 10; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 10001215: Relevance 1.3, APIs 1, Instructions 4; tags: memory, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00404A09: Relevance 63.5, APIs 33, Strings 3, Instructions 481; tags: window, memory, COMMON, Crypto; C-Code quality 96%; Uniqueness score -1.00%
Function 00404496: Relevance 24.8, APIs 10, Strings 4, Instructions 274; tags: string, COMMON; C-Code quality 78%; Uniqueness score -1.00%
Function 004026F8: Relevance 1.5, APIs 1, Instructions 29; tags: file, COMMON; C-Code quality 39%; Uniqueness score -1.00%
Function 00406742: Relevance 0.3, Instructions 334; tags: COMMON, Crypto; C-Code quality 79%; Uniqueness score -1.00%
Function 00406F19: Relevance 0.3, Instructions 300; tags: COMMON, Crypto; C-Code quality 100%; Uniqueness score -1.00%
Function 0040416F: Relevance 38.7, APIs 19, Strings 3, Instructions 202; tags: window, string, COMMON; C-Code quality 93%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 90%; Uniqueness score -1.00%
Function 00405BD4: Relevance 21.1, APIs 10, Strings 2, Instructions 129; tags: memory, string, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function 00402C61: Relevance 12.3, APIs 5, Strings 2, Instructions 40; tags: time, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 0040408D: Relevance 12.1, APIs 8, Instructions 61; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 100023D8: Relevance 10.6, APIs 7, Instructions 111; tags: COMMON; C-Code quality 78%; Uniqueness score -1.00%
Function 00404957: Relevance 10.5, APIs 5, Strings 1, Instructions 48; tags: window, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 73%; Uniqueness score -1.00%
Function 100021FA: Relevance 9.1, APIs 6, Instructions 137; tags: memory, COMMON; C-Code quality 86%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 86%; Uniqueness score -1.00%
Function 0040484D: Relevance 8.8, APIs 3, Strings 2, Instructions 84; tags: string, COMMON; C-Code quality 77%; Uniqueness score -1.00%
Function 1000180D: Relevance 7.7, APIs 5, Instructions 189; tags: COMMON; C-Code quality 97%; Uniqueness score -1.00%
Function 00401D3B: Relevance 7.5, APIs 5, Instructions 39; tags: window, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00401C04: Relevance 7.1, APIs 3, Strings 1, Instructions 84; tags: window, time, COMMON; C-Code quality 59%; Uniqueness score -1.00%
Function 004058FD: Relevance 7.0, APIs 3, Strings 1, Instructions 16; tags: string, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 84%; Uniqueness score -1.00%
Function 00402CE4: Relevance 6.0, APIs 4, Instructions 33; tags: COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00405000: Relevance 5.3, APIs 2, Strings 1, Instructions 46; tags: window, COMMON; C-Code quality 91%; Uniqueness score -1.00%
Function 004059EB: Relevance 5.3, APIs 2, Strings 1, Instructions 46; tags: string, COMMON; C-Code quality 53%; Uniqueness score -1.00%
Function 00405604: Relevance 5.3, APIs 2, Strings 1, Instructions 24; tags: process, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function (address missing from extraction): C-Code quality 100%; Uniqueness score -1.00%
Function 00405944: Relevance 5.3, APIs 2, Strings 1, Instructions 16; tags: string, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 100010E0: Relevance 5.1, APIs 4, Instructions 102; tags: memory, COMMON; C-Code quality 100%; Uniqueness score -1.00%
Function 00405A63: Relevance 5.0, APIs 4, Instructions 37; tags: string, COMMON; C-Code quality 100%; Uniqueness score -1.00%