Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 7424 cmdline:
"C:\Users\ user\Deskt op\file.ex e" MD5: 9FB56DD5B5BEB0B9C5D0102F22373C0B) - cmd.exe (PID: 7468 cmdline:
C:\Windows \system32\ cmd.exe /c ""C:\User s\user\App Data\Local \Temp\RarS FX0\1.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7476 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "incredibleextedwj.shop"], "Build id": "pGlMMn--333"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Timestamp: | 05/01/24-01:25:06.255482 |
SID: | 2052223 |
Source Port: | 49737 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:25:00.242039 |
SID: | 2052223 |
Source Port: | 49732 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:24:57.366685 |
SID: | 2052216 |
Source Port: | 57592 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:25:04.770099 |
SID: | 2052223 |
Source Port: | 49736 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:24:57.481150 |
SID: | 2052223 |
Source Port: | 49730 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:25:01.199120 |
SID: | 2052223 |
Source Port: | 49733 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:24:58.233953 |
SID: | 2052223 |
Source Port: | 49731 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:25:02.950883 |
SID: | 2052223 |
Source Port: | 49735 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/01/24-01:25:02.071312 |
SID: | 2052223 |
Source Port: | 49734 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | ||
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_000DBA94 | |
Source: | Code function: | 0_2_000ED420 | |
Source: | Code function: | 3_2_009EBA94 | |
Source: | Code function: | 3_2_009FD420 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 0_2_000D7AAF |
Source: | Code function: | 0_2_000D92C6 | |
Source: | Code function: | 0_2_000E5011 | |
Source: | Code function: | 0_2_000E8253 | |
Source: | Code function: | 0_2_000E5282 | |
Source: | Code function: | 0_2_000F62A8 | |
Source: | Code function: | 0_2_000E02F7 | |
Source: | Code function: | 0_2_000E13FD | |
Source: | Code function: | 0_2_000E742E | |
Source: | Code function: | 0_2_000F64D7 | |
Source: | Code function: | 0_2_000E55B0 | |
Source: | Code function: | 0_2_000FE600 | |
Source: | Code function: | 0_2_000E07A7 | |
Source: | Code function: | 0_2_000DD833 | |
Source: | Code function: | 0_2_000E88AF | |
Source: | Code function: | 0_2_000D395A | |
Source: | Code function: | 0_2_000D4A8E | |
Source: | Code function: | 0_2_000FEAAE | |
Source: | Code function: | 0_2_00102BB4 | |
Source: | Code function: | 0_2_000DFCCC | |
Source: | Code function: | 0_2_000E7DDC | |
Source: | Code function: | 0_2_000D2EB6 | |
Source: | Code function: | 3_2_009E92C6 | |
Source: | Code function: | 3_2_009F5011 | |
Source: | Code function: | 3_2_00A062A8 | |
Source: | Code function: | 3_2_009F5282 | |
Source: | Code function: | 3_2_009F02F7 | |
Source: | Code function: | 3_2_009F8253 | |
Source: | Code function: | 3_2_009F13FD | |
Source: | Code function: | 3_2_00A064D7 | |
Source: | Code function: | 3_2_009F742E | |
Source: | Code function: | 3_2_009F55B0 | |
Source: | Code function: | 3_2_00A0E600 | |
Source: | Code function: | 3_2_009F07A7 | |
Source: | Code function: | 3_2_009F88AF | |
Source: | Code function: | 3_2_009ED833 | |
Source: | Code function: | 3_2_009E395A | |
Source: | Code function: | 3_2_00A0EAAE | |
Source: | Code function: | 3_2_009E4A8E | |
Source: | Code function: | 3_2_00A12BB4 | |
Source: | Code function: | 3_2_009EFCCC | |
Source: | Code function: | 3_2_009F7DDC | |
Source: | Code function: | 3_2_009E2EB6 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_000D7727 |
Source: | Code function: | 0_2_000EB6D2 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Command line argument: | 0_2_000EF05C | |
Source: | Command line argument: | 0_2_000EF05C | |
Source: | Command line argument: | 0_2_000EF05C | |
Source: | Command line argument: | 3_2_009FF05C | |
Source: | Command line argument: | 3_2_009FF05C | |
Source: | Command line argument: | 3_2_009FF05C |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_000F0803 | |
Source: | Code function: | 0_2_000EFF1A | |
Source: | Code function: | 3_2_00A00803 | |
Source: | Code function: | 3_2_009FFF1A |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Check user administrative privileges: | graph_0-25411 | ||
Source: | Check user administrative privileges: | graph_3-25723 |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Code function: | 0_2_000DBA94 | |
Source: | Code function: | 0_2_000ED420 | |
Source: | Code function: | 3_2_009EBA94 | |
Source: | Code function: | 3_2_009FD420 |
Source: | Code function: | 0_2_000EF82F |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-24584 | ||
Source: | API call chain: | graph_3-25011 |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_000F0A0A |
Source: | Code function: | 0_2_000F91B0 | |
Source: | Code function: | 3_2_00A091B0 |
Source: | Code function: | 0_2_000FD1F0 |
Source: | Code function: | 0_2_000F0A0A | |
Source: | Code function: | 0_2_000F0B9D | |
Source: | Code function: | 0_2_000F0D8A | |
Source: | Code function: | 0_2_000F4FEF | |
Source: | Code function: | 3_2_00A00A0A | |
Source: | Code function: | 3_2_00A00B9D | |
Source: | Code function: | 3_2_00A00D8A | |
Source: | Code function: | 3_2_00A04FEF |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_000EBEFF |
Source: | Code function: | 0_2_000F0826 |
Source: | Code function: | 0_2_000EC093 | |
Source: | Code function: | 3_2_009FC093 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_000EF05C |
Source: | Code function: | 0_2_000DC365 |
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 1 Windows Management Instrumentation | 1 Scripting | 11 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Credential API Hooking | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | 1 Credential API Hooking | 441 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 12 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 136 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
54% | ReversingLabs | Win32.Trojan.Smokeloader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1352800 | ||
100% | Joe Sandbox ML | |||
18% | ReversingLabs | |||
41% | ReversingLabs | Win32.Trojan.LummaStealer |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
incredibleextedwj.shop | 172.67.218.63 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.218.63 | incredibleextedwj.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1434404 |
Start date and time: | 2024-05-01 01:24:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@9/3@1/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com
- Execution Graph export aborted for target podaw.exe, PID 7552 because there are no executed function
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
01:24:55 | API Interceptor | |
01:24:57 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
incredibleextedwj.shop | Get hash | malicious | LummaC | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Latrodectus | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | FormBook, GuLoader | Browse |
| ||
Get hash | malicious | DBatLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook, PureLog Stealer | Browse |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35 |
Entropy (8bit): | 4.286146588249911 |
Encrypted: | false |
SSDEEP: | 3:mKDDFRK58FoXMMH:h08Foc2 |
MD5: | FF59D999BEB970447667695CE3273F75 |
SHA1: | 316FA09F467BA90AC34A054DAF2E92E6E2854FF8 |
SHA-256: | 065D2B17AD499587DC9DE7EE9ECDA4938B45DA1DF388BC72E6627DFF220F64D2 |
SHA-512: | D5AC72CB065A3CD3CB118A69A2F356314EEED24DCB4880751E1A3683895E66CEDC62607967E29F77A0C27ADF1C9FE0EFD86E804F693F0A63A5B51B0BF0056B5D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6067123 |
Entropy (8bit): | 7.98818269968529 |
Encrypted: | false |
SSDEEP: | 98304:cvEbLriWEmQfgLVPn2qQniV0kSybkHXrsfM8n1TQuDFviH345nBIvgj2dKczR:mE7iWWaVP2qeiTHkbYMyTeHcNjEKczR |
MD5: | 8EEEA65D388106B4489D07E025E17FED |
SHA1: | 96651968F724C7DAEC51E74476403899BC7BF8C2 |
SHA-256: | 69EFE73BF8F9669427FB25962D104FB63AE7A4FDB4FB2F0022C7541A72C8A2C3 |
SHA-512: | 1C5966906A89B8E7E83BF382C382E5ECE1CF6827E7BA7E4AB4FC0BA0C91284BF398BF4822C53AAB250520F7FFDE231090A9E44D11493B6BE8921899FB6D944D7 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5739520 |
Entropy (8bit): | 7.950919133417355 |
Encrypted: | false |
SSDEEP: | 98304:XyMVJDni/BM/DuQBXPaBoWC9Nd3IiUtHu7ocC7qMqWOT1Rbn:XyUDi5M/quM/2f3IdtHu7oc+qMqWOT1R |
MD5: | 125C7EFDEF3F11C70B514739B1BAB646 |
SHA1: | 526560D1FF7636EA4F0404EB74F5DA68F7EB8E23 |
SHA-256: | 2CA04FAD5B8A81264292BB9877CB9C1C9F7A484CD03815EC9BB686DDF70EDEFA |
SHA-512: | E08218E2415A051B9B8B7E6D28E6822341227FC5256F418C22B2B39F6D3D89E763F58B77DBBDFC792F8A8A17870136BE5757C736DB1C98D3437E76500F768261 |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.960348454310837 |
TrID: |
|
File name: | file.exe |
File size: | 6'401'863 bytes |
MD5: | 9fb56dd5b5beb0b9c5d0102f22373c0b |
SHA1: | 5559dc162d09c11c1ed80aedf8e9fa86fd531e4c |
SHA256: | a65b290aa9ebfb82746cf75440c19956169f48d7dcbebafde6996c9b46039539 |
SHA512: | ab6c88acddf3350f4da37e20e38fc1bd4ac56433d5320fa071649ddf261cf1b6bb4692b54791e08e47b9e887a87ba5704afde6cb9aa9220c1da7f27c85400a1c |
SSDEEP: | 98304:YPvEbLriWEmQfgLVPn2qQniV0kSybkHXrsfM8n1TQuDFviH345nBIvgj2dKczf:SE7iWWaVP2qeiTHkbYMyTeHcNjEKczf |
TLSH: | 2F563393FAC089B2D02124337A15AB2937FABD301F6189EBD3D5AD6DA9204D06731F57 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w...w...w..<.V..w..<.T..w..<.U..w....Z..w.......w.......w.......w....$..w....4..w...w...v.......w.......w....X..w.......w. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x420790 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x64C8CFB2 [Tue Aug 1 09:26:10 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 0ae9e38912ff6bd742a1b9e5c003576a |
Instruction |
---|
call 00007F8CDCEBAA4Bh |
jmp 00007F8CDCEBA3FDh |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push 00423A90h |
push dword ptr fs:[00000000h] |
mov eax, dword ptr [esp+10h] |
mov dword ptr [esp+10h], ebp |
lea ebp, dword ptr [esp+10h] |
sub esp, eax |
push ebx |
push esi |
push edi |
mov eax, dword ptr [004407A8h] |
xor dword ptr [ebp-04h], eax |
xor eax, ebp |
push eax |
mov dword ptr [ebp-18h], esp |
push dword ptr [ebp-08h] |
mov eax, dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFEh |
mov dword ptr [ebp-08h], eax |
lea eax, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], eax |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov ecx, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop edi |
pop esi |
pop ebx |
mov esp, ebp |
pop ebp |
push ecx |
ret |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007F8CDCEAD291h |
push 0043D14Ch |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007F8CDCEBD0A5h |
int3 |
jmp 00007F8CDCEBEF78h |
push ebp |
mov ebp, esp |
and dword ptr [00463D58h], 00000000h |
sub esp, 24h |
or dword ptr [004407A0h], 01h |
push 0000000Ah |
call dword ptr [004341C4h] |
test eax, eax |
je 00007F8CDCEBA732h |
and dword ptr [ebp-10h], 00000000h |
xor eax, eax |
push ebx |
push esi |
push edi |
xor ecx, ecx |
lea edi, dword ptr [ebp-24h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3e380 | 0x34 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e3b4 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0xfc04 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x76000 | 0x23dc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3c1b0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x366a8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x34000 | 0x278 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3d85c | 0x120 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x32dcc | 0x32e00 | bf3082787caa3b02fd9d989022806d04 | False | 0.592286355958231 | data | 6.705330880207017 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x34000 | 0xb1d0 | 0xb200 | ba53cf76fc539872e6fb32f5b59318a2 | False | 0.46025719803370785 | data | 5.269843738840559 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x40000 | 0x24750 | 0x1200 | 63d51bc646ae841bb4737f86d3d78592 | False | 0.4058159722222222 | data | 4.083590987791496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didat | 0x65000 | 0x1a4 | 0x200 | deb77807258e64170eadd0d48c2f3f11 | False | 0.46484375 | data | 3.5190901598372837 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x66000 | 0xfc04 | 0xfe00 | 0d68545a9289dfbf0ba0cd37f0b3040a | False | 0.2443713090551181 | data | 5.052288456092134 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x76000 | 0x23dc | 0x2400 | e49afaf69d5cac6d9ffa2d43bc30363a | False | 0.7861328125 | data | 6.67388754981222 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
PNG | 0x66674 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | 1.0027729636048528 | ||
PNG | 0x671bc | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | 0.9363390441839495 | ||
RT_ICON | 0x68768 | 0x8db | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 0.8142920158800176 | ||
RT_ICON | 0x69044 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | 0.029168634860651865 | ||
RT_ICON | 0x6d26c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.047925311203319505 | ||
RT_ICON | 0x6f814 | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 0 | 0.05798816568047337 | ||
RT_ICON | 0x7127c | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.06543151969981238 | ||
RT_ICON | 0x72324 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.10327868852459017 | ||
RT_ICON | 0x72cac | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 0 | 0.12732558139534883 | ||
RT_ICON | 0x73364 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.10815602836879433 | ||
RT_DIALOG | 0x737cc | 0x2ba | data | 0.5286532951289399 | ||
RT_DIALOG | 0x73a88 | 0x13a | data | 0.6560509554140127 | ||
RT_DIALOG | 0x73bc4 | 0xf2 | data | 0.71900826446281 | ||
RT_DIALOG | 0x73cb8 | 0x14a | data | 0.6 | ||
RT_DIALOG | 0x73e04 | 0x314 | data | 0.47588832487309646 | ||
RT_DIALOG | 0x74118 | 0x24a | data | 0.6279863481228669 | ||
RT_STRING | 0x74364 | 0x1fc | data | 0.421259842519685 | ||
RT_STRING | 0x74560 | 0x246 | data | 0.41924398625429554 | ||
RT_STRING | 0x747a8 | 0x1a6 | data | 0.514218009478673 | ||
RT_STRING | 0x74950 | 0xdc | data | 0.65 | ||
RT_STRING | 0x74a2c | 0x470 | data | 0.3873239436619718 | ||
RT_STRING | 0x74e9c | 0x164 | data | 0.5056179775280899 | ||
RT_STRING | 0x75000 | 0x110 | data | 0.5772058823529411 | ||
RT_STRING | 0x75110 | 0x158 | data | 0.4563953488372093 | ||
RT_STRING | 0x75268 | 0xe8 | data | 0.5948275862068966 | ||
RT_STRING | 0x75350 | 0xe6 | data | 0.5695652173913044 | ||
RT_GROUP_ICON | 0x75438 | 0x76 | data | 0.7457627118644068 | ||
RT_MANIFEST | 0x754b0 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | 0.3957333333333333 |
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, GetCurrentProcessId, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetTimeFormatW, GetDateFormatW, LocalFree, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapReAlloc, HeapAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage |
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear |
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/01/24-01:25:06.255482 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:25:00.242039 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:24:57.366685 | UDP | 2052216 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (incredibleextedwj .shop) | 57592 | 53 | 192.168.2.4 | 1.1.1.1 |
05/01/24-01:25:04.770099 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:24:57.481150 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:25:01.199120 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:24:58.233953 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:25:02.950883 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
05/01/24-01:25:02.071312 | TCP | 2052223 | ET TROJAN Observed Lumma Stealer Related Domain (incredibleextedwj .shop in TLS SNI) | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 1, 2024 01:24:57.476690054 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.476732969 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:57.476799965 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.481149912 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.481167078 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:57.685045004 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:57.685127020 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.687494993 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.687503099 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:57.687716961 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:57.733700037 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.763854980 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.763958931 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:57.763979912 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.211137056 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.211211920 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.211548090 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.214119911 CEST | 49730 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.214143991 CEST | 443 | 49730 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.233542919 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.233577013 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.233688116 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.233952999 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.233966112 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.432419062 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.432490110 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.435652018 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.435662031 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.435895920 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.437603951 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.437670946 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.437690020 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976330996 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976371050 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976424932 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976454973 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976486921 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976514101 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976528883 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.976530075 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.976555109 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976568937 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.976775885 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976809025 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976819038 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.976824999 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.976866007 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.976872921 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.977363110 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.977402925 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:24:58.977408886 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.977478027 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:24:58.977521896 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.055603027 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.055639029 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.055656910 CEST | 49731 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.055663109 CEST | 443 | 49731 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.241590977 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.241630077 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.241708994 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.242038965 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.242057085 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.439477921 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.439543962 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.442163944 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.442173004 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.442406893 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.445436954 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.445593119 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.445627928 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:00.445683956 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:00.445693016 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.096539974 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.096627951 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.096688032 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.125526905 CEST | 49732 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.125540018 CEST | 443 | 49732 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.198705912 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.198736906 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.198822021 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.199120045 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.199131966 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.397073984 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.397248983 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.398431063 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.398438931 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.398636103 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.399974108 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.400089025 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.400127888 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.906864882 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.906946898 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:01.907005072 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.907103062 CEST | 49733 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:01.907111883 CEST | 443 | 49733 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.070924997 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.070946932 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.071031094 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.071311951 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.071324110 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.267488003 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.267565966 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.268707991 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.268712044 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.268919945 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.270210028 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.270339966 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.270369053 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.270514011 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.270522118 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.841142893 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.841231108 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.841279984 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.841397047 CEST | 49734 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.841404915 CEST | 443 | 49734 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.950414896 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.950458050 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:02.950548887 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.950882912 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:02.950896978 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.149204016 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.149380922 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:03.150619984 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:03.150629044 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.150826931 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.152014017 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:03.152143002 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:03.152169943 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.656982899 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.657406092 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:03.657455921 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.705055952 CEST | 49735 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.705087900 CEST | 443 | 49735 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:04.769294024 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.769335985 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:04.769399881 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.770098925 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.770113945 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:04.968396902 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:04.968468904 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.969655991 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.969665051 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:04.969876051 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:04.970896959 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.970982075 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:04.970988035 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:05.486159086 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:05.486236095 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:05.486305952 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:05.595179081 CEST | 49736 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:05.595204115 CEST | 443 | 49736 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.255019903 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.255069017 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.255165100 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.255481958 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.255498886 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.452229977 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.452472925 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.453949928 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.453963041 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.454170942 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.457420111 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.458575010 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.458612919 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.458724976 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.458760023 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.458874941 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.458906889 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.459042072 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.459074974 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.459229946 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.459266901 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.459425926 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.459462881 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.459471941 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.459608078 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.459649086 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.504127026 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.504430056 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.504482985 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.504498005 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.552119970 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.552314997 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.552372932 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.552405119 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.600117922 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.600239038 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:06.647947073 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:06.743709087 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:09.181916952 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:09.182004929 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
May 1, 2024 01:25:09.182063103 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:09.182190895 CEST | 49737 | 443 | 192.168.2.4 | 172.67.218.63 |
May 1, 2024 01:25:09.182214022 CEST | 443 | 49737 | 172.67.218.63 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 1, 2024 01:24:57.366684914 CEST | 57592 | 53 | 192.168.2.4 | 1.1.1.1 |
May 1, 2024 01:24:57.469002962 CEST | 53 | 57592 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 1, 2024 01:24:57.366684914 CEST | 192.168.2.4 | 1.1.1.1 | 0xed02 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 1, 2024 01:24:57.469002962 CEST | 1.1.1.1 | 192.168.2.4 | 0xed02 | No error (0) | 172.67.218.63 | A (IP address) | IN (0x0001) | false | ||
May 1, 2024 01:24:57.469002962 CEST | 1.1.1.1 | 192.168.2.4 | 0xed02 | No error (0) | 104.21.86.106 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:24:57 UTC | 269 | OUT | |
2024-04-30 23:24:57 UTC | 8 | OUT | |
2024-04-30 23:24:58 UTC | 802 | IN | |
2024-04-30 23:24:58 UTC | 7 | IN | |
2024-04-30 23:24:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:24:58 UTC | 270 | OUT | |
2024-04-30 23:24:58 UTC | 52 | OUT | |
2024-04-30 23:24:58 UTC | 812 | IN | |
2024-04-30 23:24:58 UTC | 557 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN | |
2024-04-30 23:24:58 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:25:00 UTC | 288 | OUT | |
2024-04-30 23:25:00 UTC | 15331 | OUT | |
2024-04-30 23:25:00 UTC | 2830 | OUT | |
2024-04-30 23:25:01 UTC | 812 | IN | |
2024-04-30 23:25:01 UTC | 20 | IN | |
2024-04-30 23:25:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:25:01 UTC | 287 | OUT | |
2024-04-30 23:25:01 UTC | 8782 | OUT | |
2024-04-30 23:25:01 UTC | 804 | IN | |
2024-04-30 23:25:01 UTC | 20 | IN | |
2024-04-30 23:25:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:25:02 UTC | 288 | OUT | |
2024-04-30 23:25:02 UTC | 15331 | OUT | |
2024-04-30 23:25:02 UTC | 5104 | OUT | |
2024-04-30 23:25:02 UTC | 812 | IN | |
2024-04-30 23:25:02 UTC | 20 | IN | |
2024-04-30 23:25:02 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:25:03 UTC | 287 | OUT | |
2024-04-30 23:25:03 UTC | 5432 | OUT | |
2024-04-30 23:25:03 UTC | 806 | IN | |
2024-04-30 23:25:03 UTC | 20 | IN | |
2024-04-30 23:25:03 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:25:04 UTC | 287 | OUT | |
2024-04-30 23:25:04 UTC | 1405 | OUT | |
2024-04-30 23:25:05 UTC | 810 | IN | |
2024-04-30 23:25:05 UTC | 20 | IN | |
2024-04-30 23:25:05 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49737 | 172.67.218.63 | 443 | 7552 | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-30 23:25:06 UTC | 289 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:06 UTC | 15331 | OUT | |
2024-04-30 23:25:09 UTC | 806 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 01:24:54 |
Start date: | 01/05/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd0000 |
File size: | 6'401'863 bytes |
MD5 hash: | 9FB56DD5B5BEB0B9C5D0102F22373C0B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 01:24:54 |
Start date: | 01/05/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 01:24:54 |
Start date: | 01/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:24:54 |
Start date: | 01/05/2024 |
Path: | C:\Users\user\AppData\Local\Temp\RarSFX0\work.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9e0000 |
File size: | 6'067'123 bytes |
MD5 hash: | 8EEEA65D388106B4489D07E025E17FED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 01:24:55 |
Start date: | 01/05/2024 |
Path: | C:\Users\user\AppData\Local\Temp\RarSFX1\podaw.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd60000 |
File size: | 5'739'520 bytes |
MD5 hash: | 125C7EFDEF3F11C70B514739B1BAB646 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
|
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 9.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 9.4% |
Total number of Nodes: | 1620 |
Total number of Limit Nodes: | 44 |
Graph
Function 000EF05C Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 202filesleeptimeCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EB6D2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100memorywindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DBA94 Relevance: 7.6, APIs: 5, Instructions: 105fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EBEFF Relevance: 7.6, APIs: 5, Instructions: 62COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC9D0 Relevance: 102.2, APIs: 49, Strings: 9, Instructions: 734windowfilesleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E1B83 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 316libraryfileloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EE619 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EE8DF Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 184windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC324 Relevance: 9.1, APIs: 6, Instructions: 56COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EED8B Relevance: 9.0, APIs: 6, Instructions: 42windowsynchronizationCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC758 Relevance: 7.5, APIs: 5, Instructions: 38windowCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F4DA2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DA9E5 Relevance: 6.1, APIs: 4, Instructions: 56fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FBEF4 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB20A Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB542 Relevance: 4.6, APIs: 3, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FC12C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FBF6F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FCDB0 Relevance: 3.2, APIs: 2, Instructions: 168COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DACD4 Relevance: 3.1, APIs: 2, Instructions: 134COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FCBE7 Relevance: 3.1, APIs: 2, Instructions: 91COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB032 Relevance: 3.1, APIs: 2, Instructions: 83timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DA8CE Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D1F30 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F4D02 Relevance: 3.1, APIs: 2, Instructions: 67libraryloaderCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB110 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EBFB3 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FA6A4 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E23BD Relevance: 3.0, APIs: 2, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DF968 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB8E6 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB470 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EBD81 Relevance: 3.0, APIs: 2, Instructions: 26comCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF002 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB4D3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E1B3B Relevance: 3.0, APIs: 2, Instructions: 24libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EB3C8 Relevance: 3.0, APIs: 2, Instructions: 23windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F3D1C Relevance: 3.0, APIs: 2, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D12D1 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D12B3 Relevance: 3.0, APIs: 2, Instructions: 8COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D1AD3 Relevance: 1.8, APIs: 1, Instructions: 319COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D42F1 Relevance: 1.7, APIs: 1, Instructions: 177COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D90A2 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D13FD Relevance: 1.6, APIs: 1, Instructions: 107COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D13F8 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC217 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FBE58 Relevance: 1.6, APIs: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DA475 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EEBA2 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FD639 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FC2F6 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FA7FE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DA880 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB966 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E2128 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EB636 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EEEBD Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DAB1C Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF32B Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF346 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF35A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF350 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF364 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF378 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF38C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF382 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF396 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3AA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3A0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3C8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3DC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF57D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF573 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF5A5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF699 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6B4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6C8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6D2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF71F Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF73D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF733 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF373 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3B9 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3D7 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF3F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF409 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF41D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF413 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF427 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF431 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF549 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF56E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF564 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF58C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF596 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF5A0 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6E1 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF6F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF71A Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF72E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DB199 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EBC19 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000ED420 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 233windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D7AAF Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 337fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FEAAE Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F0A0A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF82F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC093 Relevance: 3.0, APIs: 2, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D7727 Relevance: 3.0, APIs: 2, Instructions: 16windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F0826 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DC365 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D4A8E Relevance: 1.5, Strings: 1, Instructions: 276COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F0B9D Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FD1F0 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E742E Relevance: .8, Instructions: 807COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E88AF Relevance: .8, Instructions: 781COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E07A7 Relevance: .7, Instructions: 694COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E8253 Relevance: .5, Instructions: 528COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DD833 Relevance: .5, Instructions: 454COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E7DDC Relevance: .3, Instructions: 343COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DFCCC Relevance: .3, Instructions: 320COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E5282 Relevance: .3, Instructions: 270COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E55B0 Relevance: .2, Instructions: 243COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F64D7 Relevance: .2, Instructions: 237COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F62A8 Relevance: .2, Instructions: 214COMMONLIBRARYCODE
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E02F7 Relevance: .2, Instructions: 161COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E13FD Relevance: .1, Instructions: 141COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E5011 Relevance: .1, Instructions: 112COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000ED884 Relevance: 49.4, APIs: 24, Strings: 4, Instructions: 428windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EE7EE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FA421 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F3FC1 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EA6D1 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 126memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC7B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EBC2B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000DA5E9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E2538 Relevance: 12.1, APIs: 8, Instructions: 125timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0010084D Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EF77A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E2799 Relevance: 9.1, APIs: 6, Instructions: 98timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EC8CD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F9235 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E0627 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000FD0F0 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E220D Relevance: 7.5, APIs: 5, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E3338 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F9CD0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000F4366 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D10E0 Relevance: 6.1, APIs: 4, Instructions: 119COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D851F Relevance: 6.1, APIs: 4, Instructions: 118COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D8704 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EB673 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000D80BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000EEEF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E233E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000E2303 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 10.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 0% |
Total number of Nodes: | 1663 |
Total number of Limit Nodes: | 60 |
Graph
Function 009FF05C Relevance: 38.7, APIs: 17, Strings: 5, Instructions: 202filesleeptimeCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EBA94 Relevance: 7.6, APIs: 5, Instructions: 105fileCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FC9D0 Relevance: 102.2, APIs: 49, Strings: 9, Instructions: 734windowfilesleepCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F1B83 Relevance: 52.8, APIs: 23, Strings: 7, Instructions: 316libraryfileloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FE619 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 97windowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FE8DF Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 184windowCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FB6D2 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100memorywindowCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FC324 Relevance: 9.1, APIs: 6, Instructions: 56COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FED8B Relevance: 9.0, APIs: 6, Instructions: 42windowsynchronizationCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F0627 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FBEFF Relevance: 7.6, APIs: 5, Instructions: 62COMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FC758 Relevance: 7.5, APIs: 5, Instructions: 38windowCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A04DA2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EA9E5 Relevance: 6.1, APIs: 4, Instructions: 56fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0BEF4 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB20A Relevance: 4.6, APIs: 3, Instructions: 111fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB542 Relevance: 4.6, APIs: 3, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0C12C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0BF6F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0CDB0 Relevance: 3.2, APIs: 2, Instructions: 168COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EACD4 Relevance: 3.1, APIs: 2, Instructions: 134COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0CBE7 Relevance: 3.1, APIs: 2, Instructions: 91COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB032 Relevance: 3.1, APIs: 2, Instructions: 83timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EA8CE Relevance: 3.1, APIs: 2, Instructions: 82fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E1F30 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A04D02 Relevance: 3.1, APIs: 2, Instructions: 67libraryloaderCOMMONLIBRARYCODE
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB110 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FBFB3 Relevance: 3.0, APIs: 2, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0A6A4 Relevance: 3.0, APIs: 2, Instructions: 44memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F23BD Relevance: 3.0, APIs: 2, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0962A Relevance: 3.0, APIs: 2, Instructions: 33COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EF968 Relevance: 3.0, APIs: 2, Instructions: 31COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB8E6 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB470 Relevance: 3.0, APIs: 2, Instructions: 27fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FBD81 Relevance: 3.0, APIs: 2, Instructions: 26comCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF002 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB4D3 Relevance: 3.0, APIs: 2, Instructions: 25COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F1B3B Relevance: 3.0, APIs: 2, Instructions: 24libraryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FB3C8 Relevance: 3.0, APIs: 2, Instructions: 23windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A03D1C Relevance: 3.0, APIs: 2, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E12D1 Relevance: 3.0, APIs: 2, Instructions: 11COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E12B3 Relevance: 3.0, APIs: 2, Instructions: 8COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E1AD3 Relevance: 1.8, APIs: 1, Instructions: 319COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E6DEF Relevance: 1.7, APIs: 1, Instructions: 183COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E42F1 Relevance: 1.7, APIs: 1, Instructions: 177COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E90A2 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E13FD Relevance: 1.6, APIs: 1, Instructions: 107COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E13F8 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FC217 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0BE58 Relevance: 1.6, APIs: 1, Instructions: 65libraryloaderCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EA475 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FEBA2 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E4727 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0A7FE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EA880 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB966 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F0752 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F2128 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FB636 Relevance: 1.5, APIs: 1, Instructions: 16memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FEEBD Relevance: 1.5, APIs: 1, Instructions: 13windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F0534 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EAB1C Relevance: 1.5, APIs: 1, Instructions: 12COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF396 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF38C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF382 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3AA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3A0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3DC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3C8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF32B Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF35A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF350 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF346 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF378 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF364 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF5A5 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF57D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF573 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF699 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6BE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6B4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6D2 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6C8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF71F Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF73D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF733 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3B9 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3D7 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF3EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF373 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF41D Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF413 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF409 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF431 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF427 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF596 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF58C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF5A0 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF549 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF56E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF564 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6FF Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6F5 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6EB Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF6E1 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF71A Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF72E Relevance: 1.5, APIs: 1, Instructions: 9COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EB199 Relevance: 1.5, APIs: 1, Instructions: 7fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FBC19 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FD420 Relevance: 33.5, APIs: 17, Strings: 2, Instructions: 233windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A00A0A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FD884 Relevance: 49.4, APIs: 24, Strings: 4, Instructions: 428windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E7AAF Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 337fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FE7EE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 79windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0A421 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A03FC1 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 303COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FA6D1 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 126memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FC7B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 98windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FBC2B Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 68timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009EA5E9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F2538 Relevance: 12.1, APIs: 8, Instructions: 125timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A1084D Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF77A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F2799 Relevance: 9.1, APIs: 6, Instructions: 98timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FC8CD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A09235 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A0D0F0 Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F220D Relevance: 7.5, APIs: 5, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F3338 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A09CD0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00A04366 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E10E0 Relevance: 6.1, APIs: 4, Instructions: 119COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E851F Relevance: 6.1, APIs: 4, Instructions: 118COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E8704 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FB673 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009E80BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FEEF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F233E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49threadCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009FF82F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 009F2303 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19synchronizationCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |