Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 3320 cmdline:
C:\Users\u ser\Deskto p\file.exe MD5: E2C4C4DD8C6A357ECA164955A8FE040C) - cmd.exe (PID: 5724 cmdline:
C:\Windows \system32\ cmd.exe /c CleanZUpd ater.bat MD5: F3BDBE3BB6F734E357235F4D5898582D) - conhost.exe (PID: 5744 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - Baldi.exe (PID: 3156 cmdline:
C:\Baldi\B aldi.exe MD5: 515BC425DAA9558E4A12A917E7DFC701) - taskkill.exe (PID: 5436 cmdline:
"C:\Window s\System32 \taskkill. exe" /f /i m explorer .exe MD5: 15E2E0ACD891510C6268CB8899F2A1A1) - conhost.exe (PID: 6844 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - DisableUAC.exe (PID: 7140 cmdline:
C:\Baldi\D isableUAC. exe MD5: 9AD923E0B582D7520DBD655C36C1CDD5) - conhost.exe (PID: 5332 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - cmd.exe (PID: 6040 cmdline:
C:\Windows \system32\ cmd" /c "C :\Users\us er\AppData \Local\Tem p\FC2B.tmp \FC2C.bat C:\Baldi\D isableUAC. exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - reg.exe (PID: 5744 cmdline:
reg ADD "H KEY_LOCAL_ MACHINE\SO FTWARE\Mic rosoft\Win dows\Curre ntVersion\ Policies\S ystem" /v EnableLUA /t REG_DWO RD /d 0 /f MD5: E3DACF0B31841FA02064B4457D44B357) - shutdown.exe (PID: 3816 cmdline:
shutdown - r -t 1 -c "BALDI EVI L..." MD5: 7A22F98F0B7BAEEF5FE1965F075A5E95)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
Click to see the 16 entries |
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00405D07 | |
Source: | Code function: | 0_2_00405331 | |
Source: | Code function: | 0_2_0040263E |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Code function: | 4_2_000000014000E9BC |
Source: | Code function: | 0_2_00404EE8 |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | Key value created or modified: | Jump to behavior |
System Summary |
---|
Source: | Process created: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004030FA |
Source: | Code function: | 0_2_00406128 | |
Source: | Code function: | 0_2_004046F9 | |
Source: | Code function: | 0_2_004068FF | |
Source: | Code function: | 4_3_021A79B8 | |
Source: | Code function: | 4_2_000000014000A15C | |
Source: | Code function: | 4_2_0000000140012B80 | |
Source: | Code function: | 4_2_00000001400127C0 | |
Source: | Code function: | 4_2_000000014000DFD0 |
Source: | Process created: |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00402020 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_004041FC |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Process created: |
Source: | Window found: | Jump to behavior |
Source: | Window detected: |
Source: | Static file information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 4_2_000000014001BA99 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00405D2E |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Code function: | 0_2_00405D07 | |
Source: | Code function: | 0_2_00405331 | |
Source: | Code function: | 0_2_0040263E |
Source: | API call chain: | graph_0-2817 |
Source: | Code function: | 0_2_00405D2E |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00405A2E |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Registry key created or modified: | Jump to behavior |
Source: | Registry value created: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 21 Disable or Modify Tools | 2 Input Capture | 1 Security Software Discovery | Remote Services | 2 Input Capture | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 11 System Shutdown/Reboot |
Default Accounts | 1 Scripting | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 12 Process Injection | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Scripting | NTDS | 14 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
73% | ReversingLabs | Win32.Backdoor.DarkComet | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/BAS.Samca.amdgw | ||
100% | Avira | TR/AD.Nekark.sjwrf | ||
100% | Avira | DR/Delphi.Gen | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
70% | ReversingLabs | Win32.Trojan.Samca | ||
21% | ReversingLabs | Win64.Trojan.Generic | ||
75% | ReversingLabs | Win64.Trojan.Nekark | ||
71% | ReversingLabs | Win32.Rootkit.Abobus |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
Joe Sandbox Version: | 37.1.0 Beryl |
Analysis ID: | 882703 |
Start date and time: | 2023-06-06 17:15:38 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | file.exe |
Detection: | MAL |
Classification: | mal92.rans.evad.winEXE@19/8@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
17:16:42 | Autostart | |
17:16:50 | Autostart |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 248823 |
Entropy (8bit): | 7.546210558954595 |
Encrypted: | false |
SSDEEP: | 6144:+vlzl1lcxbHrXiUl8vr6kSWyYqaaBh6P8IkxR/3t:+vlVQl8vr6LH1B//t |
MD5: | 6D5F23F17EE8EA50408555EB4BB5BE89 |
SHA1: | 267B0E75E69405B8472654FE7327E4F4D70782B6 |
SHA-256: | 69D1A8275264511E2FB77EAC49F0F64494C2BEB1752AAE347CDFF47CB587C1E4 |
SHA-512: | 50A50A5C42A5C1D44AB42B1BBE5981A0FF6BE6C57AF010B9206E1432516F9589DFC889BC5246F00A595ECD5B879ACF1A1F1059E44662E25827B46384ACB66E0F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13049579 |
Entropy (8bit): | 5.758905606569735 |
Encrypted: | false |
SSDEEP: | 98304:4PyiUHCa1abtUvA5b1PSqhRLuaY673+/4ByCNlFSB+sgpDhsfC2PDORalZLCwpo3:ww2U4tuWbDa9PY |
MD5: | 515BC425DAA9558E4A12A917E7DFC701 |
SHA1: | BEF7A2A3F78189922BE2B1F59B9E2636C6A8156E |
SHA-256: | FD27FB8B14A5FA99BBA87560510030A5AB9DF47E4F7584CB4D0E31C04E11808B |
SHA-512: | 41B2B95AEA7ED7BC039F64146581BA695AF8A441CFB7CBA989D2204FE47F8DE974334C224A085F30FBC3FC51455986A73C3BDB90952F1E7BC9B6C8074432DBDC |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.528650179702277 |
Encrypted: | false |
SSDEEP: | 3:mKDDlR+aRMgACL+aROWuM8AC:hOaSgNiaZRC |
MD5: | B54E64A1F0B58D09CF57D983D7BA7361 |
SHA1: | D6C36454390BE4EEA41512BD39A9C68D77F614BF |
SHA-256: | 2683D451AB3423E25BCBECA902E6B586D0D9E8689C9C1BB6DCA47BFAE547A7D7 |
SHA-512: | 583A6B07D584A433A78C8A948807CAF5D1BFA0A1B8EF6DCF5A7F67DB38E03BAF875CABDC91F974276295C01485B78C11002B4CF10F08346AB92C2375479BEB0A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 6.27337799955346 |
Encrypted: | false |
SSDEEP: | 1536:lD5s9u/O4wppE7b6Ca9wOxibBjPm8YEZDVAguwWx4c6fFSq35t:3s9uWfE7mt+BzXYEZDVAgVWuc69Sq35t |
MD5: | 9AD923E0B582D7520DBD655C36C1CDD5 |
SHA1: | 189C9B2C40F0A84AF365E0BB8B88E97243560CC3 |
SHA-256: | F5ADD589DA4BFB1492531306D12E84EF27BFCB0C31FF51FED710215765AC95F4 |
SHA-512: | EA73A7E5262FD148BC8B5D7D5A7C20A1C6683DEFB7C2EA48CDC22595420307B18CA20ECAF1135AD24131D2AB6CE1346E3ABF78ABED0E2728878C0F993509FB0C |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 107520 |
Entropy (8bit): | 6.299970440877681 |
Encrypted: | false |
SSDEEP: | 1536:pD5s9u/O4wppE7b6Ca9wOxibBjPm8YEZDVAguwWx4c6fFSqF4D:zs9uWfE7mt+BzXYEZDVAgVWuc69SqFc |
MD5: | 58F681015149CE6C120E5B9F55761D2C |
SHA1: | A71E4A2E95493E69D9233C66E096C19B6AFD8147 |
SHA-256: | C09D5F30C31A01A4E0F8EA829278D8D4E99A20E122EACD7648E5C9C605256290 |
SHA-512: | 0D6746DDF605AC718DC750E6E65131ECDE410B2548616C404D263C4647149DBFEA1922AAEF5277012D90A07B548AC7D9C9EDAB5DE38B54BB9CA8F7C1F1D16457 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 151955 |
Entropy (8bit): | 7.990244705539055 |
Encrypted: | true |
SSDEEP: | 3072:dB1lj5X8Ll5YSBw08P47iGR64EjueyjjPQ3FKxu6aSNKkfM7xBTLmtoNDFuSzbDe:f9e5YjN4zR6paM77LPN5uSzb4WG |
MD5: | 41C46F443E8EE13BFAA86399EB6EE3F8 |
SHA1: | E1DE323885E86321591D6B31C3354FE2F7236510 |
SHA-256: | 88135E8CED1DDD25E2D92FBC5AB19B5C251CD8FDB8303CF4026EC644A989A8AB |
SHA-512: | E638200B40A19FE282DD7F1BA38558BD02D81F7DD10765E0207E2B2F77B9840848C8A9982092D02E76DEA76C12B3EF6DB5C9F8EE896B8AEEA475F9118D32AC18 |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 5.173437012266276 |
Encrypted: | false |
SSDEEP: | 768:4eMSZqVQuw+qdWSMzKAX9DCn4PLbz5DnNSN4at2bhBXuY8xX:TZqVQcZzXJC2ClktoZxX |
MD5: | 74E58B34423DDF2A72789D9927C5578D |
SHA1: | 4F43E0E17BF802CA32A55FCD0612F1A16A14F9DC |
SHA-256: | 28DEDDCA10A4D9081BDF3BAB9E7E66A53B5DE493B062B1FD124BDF41F386AED1 |
SHA-512: | 6CFC02BF6C46E2219B2A8FEE45D8E537DC86B6563FD6E94FA72ABDAFEDC8B1A1B44A537EFE9BCDA011426585D82AB17E7C8025A1E7A44271A63D8ABE0E904F59 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Baldi\DisableUAC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 186 |
Entropy (8bit): | 5.385562223264799 |
Encrypted: | false |
SSDEEP: | 3:NNgnzKDDEFkhhPk6pdgLxqrZfyM1K7eB/k+7W1nEHfnKyMhF6LFsIlGFIYh9n:NS0QePzYLxiH1jhRiRe66ibFpz |
MD5: | A708B066FDA65F8D7F94A2CBD4919B0F |
SHA1: | 5C723E4F1BA46B5CB6813B5DB490DD63748CB07C |
SHA-256: | 754D5B111EC7225C4D643142DDF0DFAAB585F12B2F69BCCA088ABBD0D23A5A79 |
SHA-512: | 75B7A6401EBFB2AA9194FF3EF48F8C23044342DDB2F2B9B33020B6EC7592DD2A1B0546EF7387641FB17CCCD7F726FE665386C471F01B4E715D7E9B713BAA1BC5 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.989999812901478 |
TrID: |
|
File name: | file.exe |
File size: | 4444053 |
MD5: | e2c4c4dd8c6a357eca164955a8fe040c |
SHA1: | f4114815bce62efbc78c79f9a83ccf74a4ea075c |
SHA256: | f3efe3b57a0f5cc46963dbd8832ceecd5768117685b4cee684b1235d9e74ebe5 |
SHA512: | 389bf398f9f9f6ae7e6dfca835f5877befa4ebfee5938d4b50728d77fb0450b2eb2cb67e3f4d9abaaad77231754968b27c69a510448dfd7f52c63b1ce3a1c3e1 |
SSDEEP: | 98304:3c9jNgez/S9bL+M0QVtYD0JCqfZlVcc9uNSwfrNaSQHbfU0qC:s95zk0mtyTqj6W4SGYSQ/qC |
TLSH: | A326338694B17BDBFA050133A1793EA9796BFCE7D54A040A14DEB4E13DF3983026BC91 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^......... |
Icon Hash: | 1da6b3b3a28ecd71 |
Entrypoint: | 0x4030fa |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4B1AE3CC [Sat Dec 5 22:50:52 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7fa974366048f9c551ef45714595665e |
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409160h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B0h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [0042EC18h], eax |
call 00007FF8F0C45416h |
mov dword ptr [0042EB64h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 00428F98h |
call dword ptr [00407158h] |
push 00409154h |
push 0042E360h |
call 00007FF8F0C450C9h |
call dword ptr [004070ACh] |
mov edi, 00434000h |
push eax |
push edi |
call 00007FF8F0C450B7h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00434000h], 00000022h |
mov dword ptr [0042EB60h], eax |
mov eax, edi |
jne 00007FF8F0C4282Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00434001h |
push dword ptr [esp+14h] |
push eax |
call 00007FF8F0C44BAAh |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007FF8F0C42885h |
cmp cl, 00000020h |
jne 00007FF8F0C42828h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007FF8F0C4281Ch |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74b0 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x39000 | 0x1da18 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5c4c | 0x5e00 | False | 0.6697140957446809 | data | 6.440105549497952 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x129c | 0x1400 | False | 0.43359375 | data | 5.046835307909969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x25c58 | 0x400 | False | 0.5849609375 | data | 4.801003752715384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2f000 | 0xa000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x39000 | 0x1da18 | 0x1dc00 | False | 0.5146320246848739 | data | 6.109333894738636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x39190 | 0x1d3a8 | Device independent bitmap graphic, 170 x 340 x 32, image size 115600 | English | United States |
RT_DIALOG | 0x56538 | 0x100 | data | English | United States |
RT_DIALOG | 0x56638 | 0x11c | data | English | United States |
RT_DIALOG | 0x56758 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x567b8 | 0x14 | data | English | United States |
RT_VERSION | 0x567d0 | 0x244 | data | Russian | Russia |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Russian | Russia |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 17:16:36 |
Start date: | 06/06/2023 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4444053 bytes |
MD5 hash: | E2C4C4DD8C6A357ECA164955A8FE040C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 17:16:37 |
Start date: | 06/06/2023 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 17:16:37 |
Start date: | 06/06/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff745070000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 17:16:38 |
Start date: | 06/06/2023 |
Path: | C:\Baldi\Baldi.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 13049579 bytes |
MD5 hash: | 515BC425DAA9558E4A12A917E7DFC701 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
|
Reputation: | low |
Target ID: | 4 |
Start time: | 17:16:40 |
Start date: | 06/06/2023 |
Path: | C:\Baldi\DisableUAC.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x140000000 |
File size: | 106496 bytes |
MD5 hash: | 9AD923E0B582D7520DBD655C36C1CDD5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Target ID: | 5 |
Start time: | 17:16:40 |
Start date: | 06/06/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff745070000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 6 |
Start time: | 17:16:40 |
Start date: | 06/06/2023 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb10000 |
File size: | 74752 bytes |
MD5 hash: | 15E2E0ACD891510C6268CB8899F2A1A1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 7 |
Start time: | 17:16:40 |
Start date: | 06/06/2023 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff707bb0000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 8 |
Start time: | 17:16:40 |
Start date: | 06/06/2023 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff745070000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 9 |
Start time: | 17:16:41 |
Start date: | 06/06/2023 |
Path: | C:\Windows\System32\reg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7447d0000 |
File size: | 72704 bytes |
MD5 hash: | E3DACF0B31841FA02064B4457D44B357 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Target ID: | 10 |
Start time: | 17:16:41 |
Start date: | 06/06/2023 |
Path: | C:\Windows\System32\shutdown.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff65a9e0000 |
File size: | 26624 bytes |
MD5 hash: | 7A22F98F0B7BAEEF5FE1965F075A5E95 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Execution Graph
Execution Coverage: | 12.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 22.7% |
Total number of Nodes: | 1213 |
Total number of Limit Nodes: | 22 |
Graph
Function 004030FA Relevance: 70.3, APIs: 24, Strings: 16, Instructions: 270filestringcomCOMMON
Control-flow Graph
C-Code - Quality: 81% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403555 Relevance: 49.2, APIs: 15, Strings: 13, Instructions: 216stringregistrylibraryCOMMON
Control-flow Graph
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 78% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E5B Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 174fileCOMMON
Control-flow Graph
C-Code - Quality: 95% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401734 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 147stringtimeCOMMON
Control-flow Graph
C-Code - Quality: 73% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040526C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 84% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
Control-flow Graph
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056E3 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
Control-flow Graph
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004056C4 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040307D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004030AF Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040347B Relevance: 1.3, APIs: 1, Instructions: 11COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404EE8 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
C-Code - Quality: 95% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004046F9 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041FC Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 266stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405331 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A2E Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 197stringCOMMON
C-Code - Quality: 74% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D07 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040263E Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406128 Relevance: .3, Instructions: 334COMMONCrypto
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004068FF Relevance: .3, Instructions: 300COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403F06 Relevance: 38.7, APIs: 20, Strings: 2, Instructions: 204windowstringCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040575A Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403E25 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404679 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B3B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F51 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryloaderCOMMON
C-Code - Quality: 59% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404597 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004054FF Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401EC5 Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D1B Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 67% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402BBE Relevance: 6.0, APIs: 4, Instructions: 33COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404CFA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405546 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405658 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 14.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 1.4% |
Total number of Nodes: | 1356 |
Total number of Limit Nodes: | 25 |
Graph
Function 000000014000A15C Relevance: 57.3, APIs: 38, Instructions: 334stringmemorypipeCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140004F26 Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 275COMMON
Control-flow Graph
C-Code - Quality: 19% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400116A4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57registrywindowCOMMON
Control-flow Graph
C-Code - Quality: 20% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400108A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 42libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140001000 Relevance: 7.6, APIs: 2, Strings: 2, Instructions: 616memoryCOMMON
Control-flow Graph
C-Code - Quality: 59% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000EBFC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 28% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 21% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140010FC0 Relevance: 4.6, APIs: 3, Instructions: 69filememoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 42% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 23% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400109D4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000BE90 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000A6F4 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000E9BC Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 91keyboardwindowstringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000DFD0 Relevance: 28.4, APIs: 13, Strings: 3, Instructions: 361windowCOMMONCrypto
C-Code - Quality: 29% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400127C0 Relevance: 9.2, APIs: 6, Instructions: 159memoryfileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000E7FC Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 94stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400099D8 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 113librarystringloaderCOMMON
C-Code - Quality: 21% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D6E4 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 74memorywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D8C0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 216memoryregistryCOMMON
C-Code - Quality: 21% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000C538 Relevance: 21.1, APIs: 14, Instructions: 92memorywindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000EB1C Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 58libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000CD34 Relevance: 18.1, APIs: 12, Instructions: 84memorywindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140015594 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D198 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000AF24 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 96memoryfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140015488 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000F3F0 Relevance: 13.6, APIs: 9, Instructions: 116memorywindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000EEC8 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 177COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000F290 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 86windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140009B9C Relevance: 12.0, APIs: 8, Instructions: 44threadwindowCOMMON
C-Code - Quality: 16% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000A924 Relevance: 10.6, APIs: 7, Instructions: 125memoryfileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140013E2C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53librarysleeploaderCOMMON
C-Code - Quality: 44% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140010C90 Relevance: 9.1, APIs: 6, Instructions: 131filememoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000ABD0 Relevance: 9.1, APIs: 6, Instructions: 92memoryfilestringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000AD20 Relevance: 9.1, APIs: 6, Instructions: 72memoryfileCOMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000E514 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58COMMON
C-Code - Quality: 27% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D2B8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 76% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000AAFC Relevance: 7.6, APIs: 5, Instructions: 53filememoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000378D Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 349COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000CB0C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000A788 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47filememoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000A850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42filememoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000C724 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON
C-Code - Quality: 31% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000CE6C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
C-Code - Quality: 35% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000DF04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140009E04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D3C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D438 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
C-Code - Quality: 18% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014000D37C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400069B0 Relevance: 5.2, APIs: 4, Instructions: 164memorystringCOMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140013960 Relevance: 5.1, APIs: 4, Instructions: 121memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140012390 Relevance: 5.1, APIs: 4, Instructions: 75memorystringCOMMON
C-Code - Quality: 31% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 20% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |