Windows
Analysis Report
dh58NtARpk.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- dh58NtARpk.exe (PID: 5768 cmdline:
C:\Users\u ser\Deskto p\dh58NtAR pk.exe MD5: 2032B7D145FE0F407B98C2A48062EE79) - niba6381.exe (PID: 5784 cmdline:
C:\Users\u ser~1\AppD ata\Local\ Temp\IXP00 0.TMP\niba 6381.exe MD5: E932D020D5BCC91C42D7895B0C015B9F) - niba7464.exe (PID: 5820 cmdline:
C:\Users\u ser~1\AppD ata\Local\ Temp\IXP00 1.TMP\niba 7464.exe MD5: F3CABEEFAC76CD6579D2F50C697BE89E) - f6228Ih.exe (PID: 5844 cmdline:
C:\Users\u ser~1\AppD ata\Local\ Temp\IXP00 2.TMP\f622 8Ih.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0) - h27pP32.exe (PID: 6028 cmdline:
C:\Users\u ser~1\AppD ata\Local\ Temp\IXP00 2.TMP\h27p P32.exe MD5: D8B9F9B9746A572D47B8CF13539512F6)
- rundll32.exe (PID: 5876 cmdline:
C:\Windows \system32\ rundll32.e xe" C:\Win dows\syste m32\advpac k.dll,DelN odeRunDLL3 2 "C:\User s\user~1\A ppData\Loc al\Temp\IX P000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 6100 cmdline:
C:\Windows \system32\ rundll32.e xe" C:\Win dows\syste m32\advpac k.dll,DelN odeRunDLL3 2 "C:\User s\user~1\A ppData\Loc al\Temp\IX P001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- rundll32.exe (PID: 4800 cmdline:
C:\Windows \system32\ rundll32.e xe" C:\Win dows\syste m32\advpac k.dll,DelN odeRunDLL3 2 "C:\User s\user~1\A ppData\Loc al\Temp\IX P002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
{"C2 url": "193.233.20.28:4125", "Bot Id": "ruka", "Message": "", "Authorization Header": "5d1d0e51ebe1e3f16cca573ff651c43c"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
| |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
Click to see the 3 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
| |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
| |
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Click to see the 7 entries |
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Avira: |
Source: | Avira: |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Malware Configuration Extractor: |
Source: | Code function: | 0_2_00BE2F1D | |
Source: | Code function: | 1_2_00CC2F1D | |
Source: | Code function: | 2_2_00BC2F1D |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00BE2390 | |
Source: | Code function: | 1_2_00CC2390 | |
Source: | Code function: | 2_2_00BC2390 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | URLs: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00BE1F90 | |
Source: | Code function: | 1_2_00CC1F90 | |
Source: | Code function: | 2_2_00BC1F90 |
Source: | Code function: | 0_2_00BE3BA2 | |
Source: | Code function: | 0_2_00BE5C9E | |
Source: | Code function: | 1_2_00CC3BA2 | |
Source: | Code function: | 1_2_00CC5C9E | |
Source: | Code function: | 2_2_00BC3BA2 | |
Source: | Code function: | 2_2_00BC5C9E | |
Source: | Code function: | 5_2_00408C60 | |
Source: | Code function: | 5_2_0040DC11 | |
Source: | Code function: | 5_2_00407C3F | |
Source: | Code function: | 5_2_00418CCC | |
Source: | Code function: | 5_2_00406CA0 | |
Source: | Code function: | 5_2_004028B0 | |
Source: | Code function: | 5_2_0041A4BE | |
Source: | Code function: | 5_2_00418244 | |
Source: | Code function: | 5_2_00401650 | |
Source: | Code function: | 5_2_00402F20 | |
Source: | Code function: | 5_2_004193C4 | |
Source: | Code function: | 5_2_00418788 | |
Source: | Code function: | 5_2_00402F89 | |
Source: | Code function: | 5_2_00402B90 | |
Source: | Code function: | 5_2_004073A0 | |
Source: | Code function: | 5_2_044F84AB | |
Source: | Code function: | 5_2_044E2DF7 | |
Source: | Code function: | 5_2_044EDE78 | |
Source: | Code function: | 5_2_044E8EC7 | |
Source: | Code function: | 5_2_044E7EA6 | |
Source: | Code function: | 5_2_044E6F07 | |
Source: | Code function: | 5_2_044FA725 | |
Source: | Code function: | 5_2_044F8F33 | |
Source: | Code function: | 5_2_044E77D9 | |
Source: | Code function: | 5_2_044E786D | |
Source: | Code function: | 5_2_044E18B7 | |
Source: | Code function: | 5_2_044F89EF | |
Source: | Code function: | 5_2_044E31F0 | |
Source: | Code function: | 5_2_044E3187 | |
Source: | Code function: | 5_2_044E2B17 | |
Source: | Code function: | 5_2_04A20DB0 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Dropped File: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00BE1F90 | |
Source: | Code function: | 1_2_00CC1F90 | |
Source: | Code function: | 2_2_00BC1F90 |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00BE597D |
Source: | Code function: | 0_2_00BE3FEF |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 3_2_00007FFDC4411B10 |
Source: | Code function: | 5_2_004019F0 |
Source: | Process created: |
Source: | Code function: | 0_2_00BE4FE0 |
Source: | Command line argument: | 0_2_00BE2BFB | |
Source: | Command line argument: | 1_2_00CC2BFB | |
Source: | Command line argument: | 2_2_00BC2BFB | |
Source: | Command line argument: | 5_2_00413780 |
Source: | Automated click: | ||
Source: | Automated click: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00BE7260 | |
Source: | Code function: | 1_2_00CC7260 | |
Source: | Code function: | 2_2_00BC7260 | |
Source: | Code function: | 5_2_0041C4E2 | |
Source: | Code function: | 5_2_00423179 | |
Source: | Code function: | 5_2_0041C4E2 | |
Source: | Code function: | 5_2_00423179 | |
Source: | Code function: | 5_2_0040E230 | |
Source: | Code function: | 5_2_0041C6BF | |
Source: | Code function: | 5_2_044EE497 | |
Source: | Code function: | 5_2_044FBF49 | |
Source: | Code function: | 5_2_044FBF49 | |
Source: | Code function: | 5_2_044FC126 | |
Source: | Code function: | 5_2_04A2414E | |
Source: | Code function: | 5_2_04A24554 |
Source: | Code function: | 0_2_00BE202A |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | 0_2_00BE1AE8 | |
Source: | Code function: | 1_2_00CC1AE8 | |
Source: | Code function: | 2_2_00BC1AE8 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Code function: | 5_2_004019F0 |
Source: | Evasive API call chain: | ||
Source: | Evasive API call chain: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Check user administrative privileges: | graph_1-2574 | ||
Source: | Check user administrative privileges: | graph_0-2454 | ||
Source: | Check user administrative privileges: | graph_2-2451 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00BE5467 |
Source: | Code function: | 0_2_00BE2390 | |
Source: | Code function: | 1_2_00CC2390 | |
Source: | Code function: | 2_2_00BC2390 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | API call chain: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 5_2_0040CE09 |
Source: | Code function: | 5_2_004019F0 |
Source: | Code function: | 0_2_00BE202A |
Source: | Code function: | 5_2_0040ADB0 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 5_2_044E092B | |
Source: | Code function: | 5_2_044E0D90 |
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_00BE6F40 | |
Source: | Code function: | 0_2_00BE6CF0 | |
Source: | Code function: | 1_2_00CC6F40 | |
Source: | Code function: | 1_2_00CC6CF0 | |
Source: | Code function: | 2_2_00BC6F40 | |
Source: | Code function: | 2_2_00BC6CF0 | |
Source: | Code function: | 5_2_0040CE09 | |
Source: | Code function: | 5_2_0040E61C | |
Source: | Code function: | 5_2_00416F6A | |
Source: | Code function: | 5_2_004123F1 | |
Source: | Code function: | 5_2_044F2658 | |
Source: | Code function: | 5_2_044ED070 | |
Source: | Code function: | 5_2_044EE883 | |
Source: | Code function: | 5_2_044F71D1 |
Source: | Code function: | 0_2_00BE18A3 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 5_2_00417A20 | |
Source: | Code function: | 5_2_044F7C87 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00BE7155 |
Source: | Code function: | 0_2_00BE2BFB |
Source: | Code function: | 3_2_00007FFDC441077D |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry key value created / modified: | Jump to behavior |
Source: | Registry key value created / modified: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 3 Native API | 1 Windows Service | 2 Bypass User Access Control | 21 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Service Execution | Logon Script (Windows) | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Process Injection | 22 Software Packing | NTDS | 26 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 13 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Bypass User Access Control | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Masquerading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Owner/User Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Access Token Manipulation | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Process Injection | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | 1 Rundll32 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
69% | ReversingLabs | Win32.Trojan.Plugx | ||
55% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1252166 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1252166 | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate | ||
62% | ReversingLabs | Win32.Trojan.Plugx | ||
49% | ReversingLabs | Win32.Trojan.Generic | ||
59% | ReversingLabs | Win32.Trojan.Plugx | ||
88% | ReversingLabs | ByteCode-MSIL.Trojan.Casdet | ||
49% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1253311 | Download File | ||
100% | Avira | HEUR/AGEN.1252166 | Download File | ||
100% | Avira | HEUR/AGEN.1253311 | Download File | ||
100% | Avira | HEUR/AGEN.1252166 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
windowsupdatebg.s.llnwi.net | 95.140.230.128 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 829682 |
Start date and time: | 2023-03-18 21:02:37 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 41 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | dh58NtARpk.exe |
Original Sample Name: | 2032b7d145fe0f407b98c2a48062ee79.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@12/8@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.10.249.161, 23.10.249.147, 209.197.3.8
- Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, eudb.ris.api.iris.microsoft.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, a767.dspw65.akamai.net, arc.msn.com, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, login.live.com, store-images.s-microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
windowsupdatebg.s.llnwi.net | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Amadey, RedLine | Browse |
| ||
Get hash | malicious | Amadey, RedLine | Browse |
| ||
Get hash | malicious | Amadey, RedLine | Browse |
| ||
Get hash | malicious | Amadey, RedLine | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Amadey, Djvu, Fabookie, SmokeLoader | Browse |
| ||
Get hash | malicious | GhostRat, Nitol | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AsyncRAT | Browse |
| ||
Get hash | malicious | RHADAMANTHYS | Browse |
| ||
Get hash | malicious | Laplas Clipper, Stealc, Vidar | Browse |
| ||
Get hash | malicious | GRQ Scam | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | DarkTortilla, Remcos | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Emotet | Browse |
| ||
Get hash | malicious | Emotet | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\IXP000.TMP\l91ip55.exe | Get hash | malicious | Amadey, RedLine | Browse | ||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | Amadey, RedLine | Browse |
Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\f6228Ih.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 226 |
Entropy (8bit): | 5.354940450065058 |
Encrypted: | false |
SSDEEP: | 6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv |
MD5: | B10E37251C5B495643F331DB2EEC3394 |
SHA1: | 25A5FFE4C2554C2B9A7C2794C9FE215998871193 |
SHA-256: | 8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D |
SHA-512: | 296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\h27pP32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 321 |
Entropy (8bit): | 5.355221377978991 |
Encrypted: | false |
SSDEEP: | 6:Q3La/xwchM3RJoDLIP12MUAvvR+uCqDLIP12MUAvvR+uTL2LDY3U21v:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21v |
MD5: | 03C5BA5FCE7124B503EA65EF522177C3 |
SHA1: | F76B1F538D5EA66664355901E927B2F870ACCDD8 |
SHA-256: | 8128CE419BBE0419F1A0BDE97C3A14E3377C0184DC1D7AF61AA01AAB756B625B |
SHA-512: | 151A974DDABA852144EC4BC18C548227A32E5261736F186A3920F2497434AEE9DBB0E0AB77E0E52A84A9FBC4529A158882B7549763400DDC2082D384B1135141 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\dh58NtARpk.exe |
File Type: | |
Category: | modified |
Size (bytes): | 179200 |
Entropy (8bit): | 4.951964215863173 |
Encrypted: | false |
SSDEEP: | 3072:PxqZWN9abUP0Pv3EIye7597h4HxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwM:5qZ5v3fV7h |
MD5: | 6C4C2A56D5DD785ADBE4FE60FA3CC1F2 |
SHA1: | F8BD4379310258F8E54C47B56F5EEC7394ADB9A2 |
SHA-256: | B182F2D3D49BDDA2E29A0ED312DEEF4BEE03983DE54080C5E97AD6422DE192D2 |
SHA-512: | F6958CAB80E2F7736CEA307B51BE546E50ACD5494B72DB0343A09E6EF8C446114F51BE6C9826FCB6E9F7190E4EC8415C0A403C3C1706183577C2604B877FF830 |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Joe Sandbox View: | |
Preview: |
Process: | C:\Users\user\Desktop\dh58NtARpk.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 712704 |
Entropy (8bit): | 7.8907270899854005 |
Encrypted: | false |
SSDEEP: | 12288:TMrby90VFZn9LjEl6zJXCCsk4hfUkHLMoECWfddHBCSDERgn/G+4NI:ky8F59LbJyj3QoMdhCjunDaI |
MD5: | E932D020D5BCC91C42D7895B0C015B9F |
SHA1: | 7F9143C16C9F60B6C2EEBC65D942490AB141A0D0 |
SHA-256: | 8E0A8F53AC07C3487C405EA43DF508C8ABAF8BDE59C68FEF4BD6BB8A107E95FE |
SHA-512: | 20F669EF329C40F2C7351804E5DA8D13556FD8873725763F59E1EFFFF181F9CDD3E3AB7041BECA15FEE87B90F122509629A7CED6200D90358C3A8B137EBCCB36 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\niba6381.exe |
File Type: | |
Category: | modified |
Size (bytes): | 400896 |
Entropy (8bit): | 6.799084971714658 |
Encrypted: | false |
SSDEEP: | 6144:qpBL6vPRiUryaNB5HC6XkN9UomaZ4RPDNr:qpBGvPIUOaThCpDTQr |
MD5: | DE295C2CD6521FFF9DEB6CA1F5ECE477 |
SHA1: | ED97D4C07666FC7DB9267AB6639297F9C5794BB6 |
SHA-256: | BFD0574DAF68E68EAFE6E9E534EDD9F90A71447D057CBC6C51C671A48FB85F78 |
SHA-512: | AFF2CB2D33B80FA0258A9AACBBFD9B8B53F3E826B60A9F5B254805D5E5CB8ECB66DEC7C0717019A2E44AA384A2D906ED0CD00C4E5D28109C38A8FB82831249B8 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\niba6381.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353280 |
Entropy (8bit): | 7.694829830804989 |
Encrypted: | false |
SSDEEP: | 6144:KTy+bnr+Kp0yN90QEO8OEBfBfKzx142x9Q4lJEcdk4hxmXUTGuJIieu6MJG1N:pMrGy90uElszv4ACsk4hMUJeLMc1N |
MD5: | F3CABEEFAC76CD6579D2F50C697BE89E |
SHA1: | 748C8CB4F6C68941233E6591FE3E3BEF2F9B3B2C |
SHA-256: | 63A436B9C1876B185687520E406C079D1BB90D8C511C89DE59665EED9B7A2F22 |
SHA-512: | 91E03BDBBE8EE46D9723918BC4B123ACCC477400DAE4ECA34654A5267FDE406A5755195A3C2ACBF807D538F1EA8BE3534CCE2FFC6EF56E723262BCBB07FF7C1A |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\niba7464.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 4.97029807367379 |
Encrypted: | false |
SSDEEP: | 96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp |
MD5: | 7E93BACBBC33E6652E147E7FE07572A0 |
SHA1: | 421A7167DA01C8DA4DC4D5234CA3DD84E319E762 |
SHA-256: | 850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38 |
SHA-512: | 250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\niba7464.exe |
File Type: | |
Category: | modified |
Size (bytes): | 341504 |
Entropy (8bit): | 6.481869646341358 |
Encrypted: | false |
SSDEEP: | 6144:jZ3LYwHUxsB2a9D4lJERA0Cr4x+WBQYLwzAW0nr:jZ38wHU2BsCi0R+Weowar |
MD5: | D8B9F9B9746A572D47B8CF13539512F6 |
SHA1: | ED341946BD3C7573033D53B8AE1FFFEDF32BDF2C |
SHA-256: | 5BA863C4CD393A8CE22CAFCAFDC59F6F5E1BEB4A5A989754CDAAD7FB21B91EAD |
SHA-512: | 7204D202448E7A959AA1DF395C451767B8DEDAA774853C29A0EE94C280A8881C9C7D6674097A63E2AE6823C93ED861DFA49ABDAD211B328B74548862EE71110D |
Malicious: | true |
Antivirus: |
|
Preview: |
File type: | |
Entropy (8bit): | 7.917063986758123 |
TrID: |
|
File name: | dh58NtARpk.exe |
File size: | 858112 |
MD5: | 2032b7d145fe0f407b98c2a48062ee79 |
SHA1: | b418b3306c7335b9ae886c1adb9082a902c232a8 |
SHA256: | 34f97fa022bcab02aa6d9304a871bf226edc4050fe66ab334d33f1d3f59e0911 |
SHA512: | fae2c78b445331477429ff206441c3225a5cde13a5d368f876a322a44eb141dc8c392f480a251f0a2e96115348721ecb22ff422bbffa951508236f16e71332d2 |
SSDEEP: | 12288:/MrRy90CZS37rP9c1brFZ+91yElJtxhgCskNh1UulLMkEAWGdQhhCiDUy7n//+4X:2y7S4FM915xKjGQkTQXCTGn+aB |
TLSH: | DC052302EAE45873E8B927315EF362830B35BCB09D7C465B2244ED5E5DB22D0A972377 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d. |
Icon Hash: | f8e0e4e8ecccc870 |
Entrypoint: | 0x406a60 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x628D60E2 [Tue May 24 22:49:06 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 10 |
OS Version Minor: | 0 |
File Version Major: | 10 |
File Version Minor: | 0 |
Subsystem Version Major: | 10 |
Subsystem Version Minor: | 0 |
Import Hash: | 646167cce332c1c252cdcb1839e0cf48 |
Instruction |
---|
call 00007F2E84770885h |
jmp 00007F2E84770195h |
push 00000058h |
push 004072B8h |
call 00007F2E84770927h |
xor ebx, ebx |
mov dword ptr [ebp-20h], ebx |
lea eax, dword ptr [ebp-68h] |
push eax |
call dword ptr [0040A184h] |
mov dword ptr [ebp-04h], ebx |
mov eax, dword ptr fs:[00000018h] |
mov esi, dword ptr [eax+04h] |
mov edi, ebx |
mov edx, 004088ACh |
mov ecx, esi |
xor eax, eax |
lock cmpxchg dword ptr [edx], ecx |
test eax, eax |
je 00007F2E847701AAh |
cmp eax, esi |
jne 00007F2E84770199h |
xor esi, esi |
inc esi |
mov edi, esi |
jmp 00007F2E847701A2h |
push 000003E8h |
call dword ptr [0040A188h] |
jmp 00007F2E84770169h |
xor esi, esi |
inc esi |
cmp dword ptr [004088B0h], esi |
jne 00007F2E8477019Ch |
push 0000001Fh |
call 00007F2E847706BBh |
pop ecx |
jmp 00007F2E847701CCh |
cmp dword ptr [004088B0h], ebx |
jne 00007F2E847701BEh |
mov dword ptr [004088B0h], esi |
push 004010C4h |
push 004010B8h |
call 00007F2E847702E6h |
pop ecx |
pop ecx |
test eax, eax |
je 00007F2E847701A9h |
mov dword ptr [ebp-04h], FFFFFFFEh |
mov eax, 000000FFh |
jmp 00007F2E847702C9h |
mov dword ptr [004081E4h], esi |
cmp dword ptr [004088B0h], esi |
jne 00007F2E847701ADh |
push 004010B4h |
push 004010ACh |
call 00007F2E84770875h |
pop ecx |
pop ecx |
mov dword ptr [000088B0h], 00000000h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xc91dc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd6000 | 0x888 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0xc000 | 0xca000 | 0xc9200 | False | 0.963081203387197 | data | 7.941788024498656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd6000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
AVI | 0xc9f8 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States |
RT_ICON | 0xf814 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
RT_ICON | 0xfe7c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
RT_ICON | 0x10164 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States |
RT_ICON | 0x1034c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
RT_ICON | 0x10474 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States |
RT_ICON | 0x1131c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States |
RT_ICON | 0x11bc4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States |
RT_ICON | 0x1228c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States |
RT_ICON | 0x127f4 | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x201c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x22770 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x23818 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
RT_ICON | 0x241a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_DIALOG | 0x24608 | 0x2f2 | data | English | United States |
RT_DIALOG | 0x248fc | 0x1b0 | data | English | United States |
RT_DIALOG | 0x24aac | 0x166 | data | English | United States |
RT_DIALOG | 0x24c14 | 0x1c0 | data | English | United States |
RT_DIALOG | 0x24dd4 | 0x130 | data | English | United States |
RT_DIALOG | 0x24f04 | 0x120 | data | English | United States |
RT_STRING | 0x25024 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States |
RT_STRING | 0x250b0 | 0x520 | data | English | United States |
RT_STRING | 0x255d0 | 0x5cc | data | English | United States |
RT_STRING | 0x25b9c | 0x4b0 | data | English | United States |
RT_STRING | 0x2604c | 0x44a | data | English | United States |
RT_STRING | 0x26498 | 0x3ce | data | English | United States |
RT_RCDATA | 0x26868 | 0x7 | ASCII text, with no line terminators | English | United States |
RT_RCDATA | 0x26870 | 0xadc4b | Microsoft Cabinet archive data, many, 711755 bytes, 2 files, at 0x2c +A "niba6381.exe" +A "l91ip55.exe", ID 1893, number 1, 28 datablocks, 0x1503 compression | English | United States |
RT_RCDATA | 0xd44bc | 0x4 | data | English | United States |
RT_RCDATA | 0xd44c0 | 0x24 | data | English | United States |
RT_RCDATA | 0xd44e4 | 0x7 | ASCII text, with no line terminators | English | United States |
RT_RCDATA | 0xd44ec | 0x7 | ASCII text, with no line terminators | English | United States |
RT_RCDATA | 0xd44f4 | 0x4 | data | English | United States |
RT_RCDATA | 0xd44f8 | 0xc | data | English | United States |
RT_RCDATA | 0xd4504 | 0x4 | data | English | United States |
RT_RCDATA | 0xd4508 | 0xd | ASCII text, with no line terminators | English | United States |
RT_RCDATA | 0xd4518 | 0x4 | data | English | United States |
RT_RCDATA | 0xd451c | 0x7 | ASCII text, with no line terminators | English | United States |
RT_RCDATA | 0xd4524 | 0x7 | ASCII text, with no line terminators | English | United States |
RT_RCDATA | 0xd452c | 0x7 | ASCII text, with no line terminators | English | United States |
RT_GROUP_ICON | 0xd4534 | 0xbc | data | English | United States |
RT_VERSION | 0xd45f0 | 0x408 | data | English | United States |
RT_MANIFEST | 0xd49f8 | 0x7e2 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges |
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA |
GDI32.dll | GetDeviceCaps |
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics |
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset |
COMCTL32.dll | |
Cabinet.dll | |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 21:03:30 |
Start date: | 18/03/2023 |
Path: | C:\Users\user\Desktop\dh58NtARpk.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbe0000 |
File size: | 858112 bytes |
MD5 hash: | 2032B7D145FE0F407B98C2A48062EE79 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 1 |
Start time: | 21:03:31 |
Start date: | 18/03/2023 |
Path: | C:\Users\user\AppData\Local\Temp\IXP000.TMP\niba6381.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcc0000 |
File size: | 712704 bytes |
MD5 hash: | E932D020D5BCC91C42D7895B0C015B9F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Target ID: | 2 |
Start time: | 21:03:32 |
Start date: | 18/03/2023 |
Path: | C:\Users\user\AppData\Local\Temp\IXP001.TMP\niba7464.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbc0000 |
File size: | 353280 bytes |
MD5 hash: | F3CABEEFAC76CD6579D2F50C697BE89E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Target ID: | 3 |
Start time: | 21:03:32 |
Start date: | 18/03/2023 |
Path: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\f6228Ih.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x160000 |
File size: | 11264 bytes |
MD5 hash: | 7E93BACBBC33E6652E147E7FE07572A0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: |
|
Reputation: | high |
Target ID: | 4 |
Start time: | 21:03:39 |
Start date: | 18/03/2023 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70bcc0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 5 |
Start time: | 21:03:45 |
Start date: | 18/03/2023 |
Path: | C:\Users\user\AppData\Local\Temp\IXP002.TMP\h27pP32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 341504 bytes |
MD5 hash: | D8B9F9B9746A572D47B8CF13539512F6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 6 |
Start time: | 21:03:50 |
Start date: | 18/03/2023 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70bcc0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 16 |
Start time: | 21:03:59 |
Start date: | 18/03/2023 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70bcc0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Execution Graph
Execution Coverage: | 28.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 30.7% |
Total number of Nodes: | 962 |
Total number of Limit Nodes: | 26 |
Graph
Callgraph
Function 00BE202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMONCrypto
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121windowCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
C-Code - Quality: 70% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6F40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
Control-flow Graph
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
Control-flow Graph
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
C-Code - Quality: 60% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
C-Code - Quality: 57% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BE69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 28.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 959 |
Total number of Limit Nodes: | 24 |
Graph
Callgraph
Function 00CC3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMONCrypto
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
C-Code - Quality: 70% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC6F40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
Control-flow Graph
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121windowCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
Control-flow Graph
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
Control-flow Graph
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
C-Code - Quality: 60% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
C-Code - Quality: 57% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00CC69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 26.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 969 |
Total number of Limit Nodes: | 43 |
Graph
Callgraph
Function 00BC3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMONCrypto
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
C-Code - Quality: 70% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC6F40 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
Control-flow Graph
C-Code - Quality: 93% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
Control-flow Graph
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121windowCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
Control-flow Graph
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
Control-flow Graph
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4B60 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMONCrypto
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
C-Code - Quality: 60% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
C-Code - Quality: 76% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
C-Code - Quality: 62% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
C-Code - Quality: 57% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
C-Code - Quality: 32% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
C-Code - Quality: 93% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 77% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
C-Code - Quality: 72% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00BC69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 59.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 28.6% |
Total number of Nodes: | 21 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004019F0 Relevance: 147.7, APIs: 34, Strings: 50, Instructions: 747comprocessCOMMON
Control-flow Graph
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Control-flow Graph
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F0 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF66 Relevance: 6.0, APIs: 4, Instructions: 34COMMON
Control-flow Graph
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A2A1A8 Relevance: 1.8, APIs: 1, Instructions: 299COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A299E8 Relevance: 1.6, APIs: 1, Instructions: 92serviceCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A29920 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A29180 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A2A0E8 Relevance: 1.6, APIs: 1, Instructions: 54serviceCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A29350 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A29CC8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04A29ED8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D534 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EA0A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
C-Code - Quality: 25% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E0920 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0451D006 Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0451D01D Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ADB0 Relevance: 2.5, APIs: 2, Instructions: 23memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E0D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044F083C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044F499F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414738 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31COMMONLIBRARYCODE
C-Code - Quality: 90% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044F4961 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C73D Relevance: 7.6, APIs: 5, Instructions: 64COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413610 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E1B57 Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044EBD11 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 044E5F67 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D00 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
C-Code - Quality: 97% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BAAA Relevance: 6.1, APIs: 4, Instructions: 137COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |